How Does Phishing Work?
Phishing is generally mass-marketed. A phishing email from a fraudulent email address that is made to mimic a Microsoft service email might be sent to tens of thousands of individuals. At first glance, the spoofed email appears legitimate, and a fair number of people click the link and input their account information, which could be used by or sold to bad actors. Upon closer inspection, the email address often has typos or other spam indicators—instead of the actual email address of the supposed institution, it will have one-off typos, such as the numeral 0 used for a letter o.
For cyber criminals, the appeal of phishing lies in its ratio of effort to reward. Sending a mass-marketed email is easy. Purchasing malware delivery is cheap. And even if many of the email recipients won’t fall for the phishing lure, the handful who do can be extremely lucrative.
What Is a Phishing Email and How Can One Be Recognized?
Phishing also broadly encompasses several different forms of more specialized deception, and each has its own way of betraying its disguise. The examples below are all real-life phishing attempts received by Anderson Technologies’ employees.
For more examples, take our phishing quiz!