Why Are Phishing Emails So Dangerous?


Post by Roxy »

Why Are Phishing Emails So Dangerous?

Phishing emails are very dangerous in nature because they are designed purely to fish out some personal information from you that a cyber criminal can use to get access to your personal accounts. Their goal in doing this is to steal money or other valuable information from you. The phishing scammers could be going after such things as wanting to hack into your bank and credit card accounts, email accounts, social media accounts, cloud accounts, or other types of online service accounts like eBay, Amazon, YouTube, Netflix, PayPal, etc.

Another major strategy of phishing emails is to steal your personal identity so that it can be used, without your knowledge, to open fraudulent bank accounts or apply for loans or credit cards in your name, which you could then become legally and financially liable for later.

Certain phishing emails may also include links that will not only try to get your account information from you, but also install some harmful software onto your computer (known as malware) which can do destructive things in the background. Some forms of malware may also function as a key-logger, which records passwords as you enter them into your computer while accessing your online accounts. A key-logger will then silently send that information back to the scammer so that they can get access to your accounts remotely using the login information captured by the key-logging software. If you feel you have clicked on any links in a phishing email you have received, then you should run a program called Malwarebytes on your system to help detect and remove any malware that might now be installed on your computer. Visit https://malwarebytes.com

Another type of phishing email is one that contains a spoofed unsubscribe link. These emails, often sent out by unfamiliar senders, often don't contain real unsubscribe links, especially if they are contained within what would be considered a typical spam email. In fact, they are often intended to spoof you in order to achieve the exact opposite result. So by clicking on these malicious unsubscribe links you are often confirming to the spammer that your email address is still active and then, shortly after you click on the fake unsubscribe link, the number of scam and spam emails you are receiving may increase even more. So if you receive an email from an unfamiliar sender, don’t just click the unsubscribe link right away. Right-click on the unsubscribe link first, select copy, and then paste the link into an empty plain-text file. Then study the link and, if the unsubscribe link appears to be from a strange-looking website, then don’t click the link at all. Simply delete the entire email completely because clicking on the link may cause you more harm than good.

Another type of phishing email, which is similar to the spoofed unsubscribe email type mentioned above, is one that is designed to secretly confirm your email address. With these emails the scammer will tell you to click a link to check out a website and, by doing so, you are then also verifying to the scammer that your email address is still active. The more malicious phishing emails, the ones that contain links to sign up for something, or to log in to a website and then sign up, are also designed to steal your personal information and could lead to identity theft as mentioned previously. Plus they may add your email address to scam mail lists too. All of these links should be avoided. So, if someone unfamiliar to you sends you a link to a website of any kind then you should never click on the link, ever.

Some people may also refer to the majority of the scam mails posted on this website as being phishing emails too. And perhaps they are in the sense that they also try to spoof you into doing something that can unknowingly result in a financial loss. But the main criminal intent of most of the scam emails we post on this website is to achieve fraudulent financial gain via something known as "Advance-Fee Fraud". This means the bulk of the scam emails on this website are not going after access to accounts or personal information as their main objective.

Advance-Fee Fraud is best described as an offer of money, merchandise, services, employment, or even romance, but where the victim is asked to pay a fee in advance to obtain whatever is being promised to them by the scammer. Of course, any money paid to a scammer will be lost and anything they are offering is just all lies with the sole intent to defraud.

But it also is not uncommon for Advance-Fee Fraud scammers to implement the use of phishing methods that employ fake and spoofed internet domains, fake websites and deceptive email addresses as part of their scams to make you believe you are dealing directly with a legitimate and known company or bank when in fact that is not the case. The use of fake and spoofed bank internet domains and websites is one of the most popular phishing techniques used by Advance-Fee Fraud scammers.

So What Do Phishing Emails Look Like And How Can We Avoid Them?

As explained above, phishing is mainly the fraudulent attempt to obtain sensitive information, or data, such as usernames, passwords and credit card details. This is done by a scammer disguising themselves as a trustworthy entity in an electronic communication (can be an email, text message, or via direct messaging on social media platforms). And phishing communications often look like they were sent by a company that you may already have an account with, where the phishing scammer is attempting to spoof the user into entering personal information into a fake website which matches the look and feel of the legitimate website. So the communications often appear as if they are coming from trusted companies such as social media web sites, banks, credit card companies, webmail providers, online payment services or even IT administrators.

Most phishing methods use some form of technical deception designed to make a link (and the spoofed website it leads to) appear to belong to the legitimate organization. Misspelled URLs and the use of subdomains are common tricks used by phishers to throw you off. Another common trick is to make the displayed text for a link in a phishing email suggest a reliable destination, but then the link actually goes to the phishers' fraudulent website. Normal phishing attempts can be easy to spot because the malicious page's URL will usually be different from the real website's link. But for a covert redirect, an attacker could even use a real and authentic company website by first having hacked and corrupted the site with a malicious login popup dialogue box. This makes covert redirects different from other phishing attempts and makes them even more misleading and dangerous.

The Bottom Line:

Large internet companies, financial institutions, online payment companies, credit card companies and banks will never, for any reason, send you an email telling you that your account has been blocked or locked and that you need to send them your account login information via email to reset your password, or that you need to click on a web link to reset your password to unblock your account or to start up a new account. None of this will ever happen in the real world. Real banks will also never send you a link to a website and ask you to login to apply for a bank account online or to check your account balance.

Thus, in conclusion, it can be very dangerous if you respond to any unsolicited email by providing the unknown sender any type of personal information that they are asking for, either via email, text message or by clicking on a link. And if you receive a suspicious email with links to go to a website or to update personal information, then never click on the link unless you are absolutely sure that it is being sent from a known and safe sender. In general, any emails you receive that involve any of these types of instructions are phishing and can safely just be deleted. And if you treat all unsolicited, unknown and suspicious emails in this way then you will always be safe.
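The link checks described in the post (copying a link out to study it, misspelled URLs, brand names used as subdomains, and link text that shows one site while pointing to another) can be automated without clicking anything. The Python sketch below is an added example, not part of the original post; the brand list, the 0.8 similarity threshold, the finding names and the sample email are all assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# Assumption: brands the reader has accounts with, mapped to their real domains.
KNOWN_BRANDS = {"paypal": "paypal.com", "netflix": "netflix.com"}
DOMAIN_TEXT = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)
# Constructed sample email body; every host under .example is made up.
SAMPLE_HTML = """<a href="http://paypal.com.account-verify.example/login">https://www.paypal.com/signin</a>
<a href="https://paypa1.example/reset">Reset password</a>
<a href="http://track.mailer.example/u?e=you%40mail.example">Unsubscribe</a>
<a href="https://www.paypal.com/help">paypal.com</a>"""

class LinkCollector(HTMLParser):  # collects [href, visible text] pairs
    def __init__(self):
        super().__init__()
        self.links, self.open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.open = True
    def handle_data(self, data):
        if self.open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self.open = self.open and tag != "a"

def host_of(url):  # lowercase hostname without a leading "www."
    host = urlsplit(url if "://" in url else "http://" + url).hostname or ""
    return re.sub(r"^www\.", "", host.lower())

def check_link(href, text, recipient=""):
    # Leading dot: endswith() then matches the domain itself or a true subdomain only.
    dotted, findings = "." + host_of(href), []
    if DOMAIN_TEXT.match(text) and not dotted.endswith("." + host_of(text)):
        findings.append("text-shows-other-site")  # displayed URL is not the real target
    for brand, domain in KNOWN_BRANDS.items():
        labels = [] if dotted.endswith("." + domain) else dotted[1:].split(".")
        if any(brand in label for label in labels):
            findings.append("brand-in-foreign-host")  # brand used as subdomain or prefix
        elif any(SequenceMatcher(None, label, brand).ratio() >= 0.8 for label in labels):
            findings.append("lookalike-of-" + brand)  # misspelled domain
    if recipient and recipient.lower() in unquote(href).lower():
        findings.append("url-carries-recipient-address")  # a click confirms the address
    return findings

def scan_email(html, recipient=""):
    parser = LinkCollector()
    parser.feed(html)
    return {href: check_link(href, text.strip(), recipient) for href, text in parser.links}
```

Calling `scan_email(SAMPLE_HTML, recipient="you@mail.example")` returns one list of findings per link; an empty list means none of these heuristics fired, not that the link is safe.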
