The Anatomy Of A Phishing Email

For some, there is no better feeling than kicking back on a sunny day by the river banks and throwing down the line, and luring in a big fish.

Cyber attackers are doing their own kind of “fishing,” and you are their big fish.  Formally known as phishing, attackers constantly cast their lines and see who will fall for the bait.

This article will discuss how you can recognize a phishing attack and what to do when you do.

Let’s discuss.


What is a Phishing Attack?

A phishing attack is a type of cyber attack that falls under the social engineering umbrella. Social engineering is a type of attack that relies very little on technological know-how. It is often the preferred attack vector for bad actors because of this reason.

There are some nuanced phishing styles, but most will involve the same techniques, and the general principle remains the same.

Essentially, attackers are exploiting human nature to gain access to sensitive data. They will look for weaknesses in the security awareness of an organization. Often performed through email, they will exploit individuals’ greed, kindness, fear, or passion.

For example, one of the most infamous viruses, ILOVEYOU, was a computer worm distributed via email. The email had the subject line that simply read “ILOVEYOU,” and within the email was a “.txt” file (text file) titled “a love letter for you.”

The virus was released in the year 2000 when the internet was relatively new. Not many people were even aware that phishing was a thing, so many clicked on the file and were infected with the ILOVEYOU computer worm.

The fallout of the virus was so severe that an estimated 10% of computers worldwide were infected, costing an estimated $10 billion losses just to rectify.

Because this virus spread through email using what would be considered social engineering techniques today, this was the first global email phishing example.

Now it is doubtful a phishing attack of this scale would occur today. However, it does showcase the danger of opening emails from unknown sources.


Schedule a Free Consultation!


Types Of Phishing Attacks

The ILOVEYOU virus is an example of email phishing, but phishing comes in various forms. In this section, we will explore the most common type of phishing that you may encounter.

But before that, it is crucial to understand the basic principles of phishing; regardless of what type of phishing an attacker is employing, the end goal remains the same.

They are trying to bait users into giving up personal data or business-critical information. The attacker will then use this information to gain further access into an information system or use it for other purposes such as blackmail.

email encryption laptop2 300x106 1

Email Phishing

We briefly mentioned this type of phishing in the previous sections. Email phishing uses the medium of email to get users to either give up information or to click on a link.

In automated cyberattacks, the easiest thing to do is to get victims to click on a link. The link will then redirect them to the attacker’s website, where the victim can input their data or deploy a “.exe” (referred to as an executable) file that will download and install malware onto the system.

Email phishing is by far the most common type of phishing. These attack vectors are wide-ranging in sophistication, as we will see in the following two types of phishing.


Spear Phishing

Spear phishing is a type of targeted email phishing technique. Most attackers will cast a wide net and use generic phishing emails and see who will get caught in their barrage of emails.

Conversely, spear-phishing, as the name suggests, is highly targeted. Sticking to the fishing analogies, it got its name because using a spear to fish is much more precise and deadly than using a net to catch one.

The attacker will take their time to study the victim and craft a personalized email to try and bait the person to give up personal information.

For example, suppose an attacker is trying to gain access to a specific system and knows that the system admin likes to play card games online. In that case, they may send a personalized email to them that imitates a popular online card game.

The idea being the victim is more likely to click on a link for something they are familiar with or that they enjoy doing, like playing card games online.



Whale-phishing, or whaling, is almost identical to spear-phishing except that it targets a specific audience, the C-suite.

An attacker will use phishing techniques to impersonate high-level target executives in an organization as a quick way to the top.

You will not see this kind of phishing often as it takes a particular type of cyber attacker to pull it off (the kind that you might see in Oceans 11). However, this phishing attack has the highest damage potential.

Usually, an attacker will spend months studying the victim and the organization to find the way an executive talks, the kind of emails they send, and their habits.

With this information, they hope that they can bait lower-level personnel to give up business-critical data.


Smishing and Vishing

These two types of phishing attacks require mobile phones to be successful—the first type, “smishing,” baits victims through text. And the second “vishing” baits victims through voice over the phone or via VOIP apps like Skype.

Again, the principles for these attacks remain the same. Attackers will try to bait victims to give up information through impersonation; it’s just that the medium is different.

The success of this phishing attack varies with the audience. Over the past few years, there has been a massive boom in phone scams that target the elderly. These scammers will impersonate companies like Amazon or Apple in an attempt to steal the victim’s money.

These scams have become quite elaborate and involve large networks costing people billions a year (reaching 19.7 billion dollars in the US in 2020 alone).

Generally, this type of scam will involve email phishing first, getting the victim to call them.


Angler Phishing

The last type of phishing mentioned on this list is angler phishing—a new phishing type in the social media space.

Social media is a great communication tool, and organizations have adopted it to communicate with their customers quickly over the years. Unfortunately, one of the downsides of social media is the ease of their use and abuse.

You might be thinking, “how can ease of use” be a bad thing?” In terms of security, it is easy for anyone to create an account impersonating others and organizations.

Recently, particularly on YouTube, many attackers have been impersonating financial channels (channels that discuss stocks, investment, and finance) to bait viewers into contacting them via WhatsApp.

Youtube is susceptible to this phishing type because there are no restrictions on the channel name and profile picture, meaning you can create a profile with the same name and profile picture as another user.

Other than the original channel owner warning their viewers of these types of attacks, they can do little to stop it (blocking the scammer from commenting just means they will create a new account).

For this to stop, it will require input and management from Youtube.

This is just one example, but in short, angler phishing is phishing done through social media. And like an angler, the attacker attempts to draw people towards them.

email security2 300x99 1

What To Look For In Phishing Emails

Phishing attacks can be easy to detect if you know what you are looking for; before getting into more detail, you should always trust your instincts.

If you think an email is not legitimate, do not take action. Your company may have a way to report suspected phishing attacks, so do take advantage of that.

In most cases, email phishing requires some luck on the part of the attacker. For example, if you have requested a password reset for one of your accounts, you expect to see an email from the service provider.

But there may be times where you seemingly get an email from out of the blue. Whether it be for a password reset or asking you to take action, you should always be suspicious if you did not request anything from your service provider.

However, there may be times where there is a legitimate email, and you should take action. In the following section, we will give you some practical steps to determine whether an email is a phishing attempt or not.


Domain Name

The first thing you will want to do is analyze the domain of the sender. Attackers will often attempt to impersonate high authority websites, like Amazon or Paypal.

Both the mentioned services have official customer service domain names, which you can find on their website. And in the case of Paypal, all customer service will be conducted through the website portal.

But through impersonation, attackers will change a few letters in their domain address that makes it seem like it’s coming from Paypal.

For example, it may look something like “customerservice@pà” or “” Notice the accent on the a; this might fool some people into thinking that they are legitimate addresses.

In the second example, you can see that the official domain is not in the second part of the email (indicating the domain name) and is a random domain name with nothing to do with Paypal.


Grammatical Errors

Another thing to look for is grammatical errors. No big organization is free from making grammatical mistakes, but there is much quality assurance crafting well-written emails.

This QA means that most emails that are either automated or sent directly to you are checked for grammar. Phishing emails will often come from scambaiting businesses based in non-English speaking countries.

These emails often contain many grammatical errors, enough to make you suspicious of their true origin. So always read the body text to ensure that it is free of any spelling or grammar mistakes.

However, this is not foolproof as phishing emails become more sophisticated, so too does the copy.


Link Destinations

Phishing emails usually get you to click on a link or open a file, so you mustn’t click before examining the link destination.

This is easier to do than you think. Most email platforms allow you to hover over links without clicking them. When you hover over a link, a gray bar should appear at the bottom left corner of the screen (try it with this link here!).

With the example link above, the gray bar should read “” You can check the link’s destination, and it is a handy tool in detecting phishing emails.

If you suspect that the email is a phishing email and contains a link, hover over it and see where it is trying to send you. Even when the attacker is impersonating an authoritative website, like Google, their actual domain appears in the gray bar.

The rule of thumb is if in doubt, do not click. Take the time to analyze the domain and see if you can recognize it. You can always Google it and see if anyone else has received a similar email.



Phishing attacks have increasingly become a concern for both governments and businesses. With the scamming industry continuously growing, individuals need to become more aware of phishing dangers and spot a phishing attempt.

And it can start with the business. Every organization employs individuals and ensures your security environment is in top shape, trickles down into the communities around you, promoting a more secure business and social environment.

Don’t fall victim to a phishing attack; get in contact with RSI Security today and schedule a consultation here.


Speak with an MSSP expert today – Schedule a free consultation

The post The Anatomy Of A Phishing Email appeared first on RSI Security.

RSI Security