What is Phishing?
Phishing is the fraudulent practice of sending emails or other messages pretending to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers. In addition to email, phishing comes in other forms, such as SMS phishing through text messages and voice phishing through voice calls.
There are three types of phishing campaigns. Blanket phishing tries to get the lowest-hanging fruit. Spear phishing targets a specific individual or group of individuals, for example, targeting an organization by doing reconnaissance on it. The third type is a bit more critical: it targets executives in a company to try to gain privileged information, for example targeting a CFO (Chief Financial Officer) to gain payment information for fraud.
Example Phishing email impersonating PayPal

As you can see, there are many indicators of a phishing attempt:
- The email shows it is from Team Support, possibly PayPal support; however, it points to a malicious email address not affiliated with PayPal.
- The greeting is generic and the text has some grammatical errors. Legitimate emails would address the customer more personally instead of using a general header.
- It tries to get you to click on the link to confirm your account information.
- The link will most likely redirect to the attacker's malicious website to have you log in, and collect your credentials.
- If you did click on the link and put in your credentials, the login would most likely fail and then redirect to the legitimate PayPal site, but the damage would have been done and the attacker would have gotten the credentials.
Example of an SMS phishing attempt

As you can see, this is a phishing text message impersonating USPS. The indicators of this are:
- The email address ends with a foreign top-level domain (.ru).
- This seems to be a throwaway email address using a malicious domain that the link might redirect to.
- There is also a spoofed USPS link. The official website for USPS is www.usps.com, but this one says usps.com-packagesrpr.vip, so it is under the .vip top-level domain, not .com.
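The domain check behind the USPS link indicator above, as an added Python example (not part of the original article): a link or sender address counts as the brand's only when its hostname is the official domain or a subdomain of it. The OFFICIAL set and the sample sender address are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: the domains the impersonated brands really use.
OFFICIAL = {"usps.com", "paypal.com"}


def host_of(value):
    """Return the hostname of a URL, or the domain part of an email address."""
    if "://" in value:
        return (urlsplit(value).hostname or "").lower()
    if "@" in value:
        return value.rsplit("@", 1)[1].strip(" >").lower()
    return (urlsplit("//" + value).hostname or "").lower()


def belongs_to(host, domain):
    """True only if host is the domain itself or a subdomain of it."""
    host = host.rstrip(".")
    return host == domain or host.endswith("." + domain)


def classify(value, official=OFFICIAL):
    """Classify a link or sender address as match, lookalike or unrelated."""
    host = host_of(value)
    if any(belongs_to(host, d) for d in official):
        return "match"
    # An official name embedded in a host that does not END with it is the
    # SMS example: in usps.com-packagesrpr.vip, "usps.com" is only a prefix.
    brands = {d.split(".")[0] for d in official}
    if any(d in host for d in official) or any(b in host for b in brands):
        return "lookalike"
    return "unrelated"


def review(sender, links):
    """Classify the sender and every link of one message."""
    return {item: classify(item) for item in [sender] + list(links)}


if __name__ == "__main__":
    # Constructed sample: the link is the one quoted in the article, the
    # sender address is made up to end in .ru as the article describes.
    sample = review("USPS <notice@example.ru>",
                    ["https://usps.com-packagesrpr.vip/track",
                     "https://www.usps.com/manage/"])
    for item, verdict in sample.items():
        print(f"{verdict:10} {item}")
```

A "match" on a sender address only means the address names the official domain; it does not show that the message was actually sent from it.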
Phishing Prevention
There are many ways to prevent phishing attempts from compromising your account or organization:
- Set up multi-factor authentication (MFA). This requires a second method to be entered upon login, so if an attacker DOES get your credentials, they won’t know the MFA code. This should be phishing resistant, such as an authenticator app, push notification, a passkey or a security key.
- Never click any links in an email from an untrusted source.
- It is recommended to go even further and never click a link or open an attachment until you reach out to the sender directly to confirm what was sent, to prevent known-user spoofing.
- For an enterprise, using an email security solution will prevent most of the phishing messages from getting to the users in the first place.
- Most home-based providers like Gmail, Yahoo, or Outlook have similar functionality to help prevent phishing emails from getting into your inbox.
Below is an insightful phishing awareness video that also explains how to spot a phish and how to avoid being caught in the threat actor's net.
Think You Can Spot a Phishing Scam? Test Your Skills!
Take a close look at the sample phishing email below and see if you can identify the red flags. Stay vigilant, stay proactive, and report suspicious activity to help make the digital world safer. Ready to put your cybersecurity instincts to the test? Let’s dive in!

Question 1:
What is the indicator in the sender’s email address?
- It shows as Microsoft
- It shows email-records.com which is a legitimate Microsoft email
- It shows email-records.com which is malicious
- None of the above
Question 2:
The email says, “A high severity alert has been triggered.” Is this a phishing indicator?
- Yes, creating urgency is a common phishing tactic
- No, legitimate companies often show urgency for all alerts
Question 3:
What’s the safest action if you suspect this email is a phishing attempt?
- Reply to the email asking for more details
- Report the email to your email provider and delete it
- Click the link to investigate further
Answers: [Highlight below line to check answers]
Q1:3 Q2:1 Q3:2
~ Spotting a phishing attempt is half the battle—stopping it is the victory. Your awareness is the shield against online deception. ~