Email phishing is a fraudulent attempt to obtain sensitive information by disguising an email as a legitimate message from a trusted source. Attackers might pretend to be your bank, a government agency, or even your boss.

Email phishing is one of the oldest tricks in the cybercriminal playbook, but it’s still highly effective. That’s because it targets the most vulnerable part of any security system: human judgment.

Criminals impersonate a trusted company contact to trick employees into transferring money or revealing confidential information.

Common Signs of a Phishing Email

Phishing attacks are becoming more sophisticated, but awareness is your best defense. The more you know about the warning signs, the less likely you are to fall victim.

  • Suspicious Sender Address
  • Generic Greetings
  • Grammar and Spelling Errors
  • Unexpected Attachments or Links
  • Too Good to Be True Offers
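
Three of the signs above (sender address, generic greeting, unexpected attachments or links) can be checked mechanically on a raw message. The following is an added example, not part of the original page; the word lists, the brand-to-domain map, the function name and all domains in the sample are assumptions made for illustration. Grammar errors and offer wording are not checked.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed word lists for illustration; tune them to your own mail flow.
GENERIC_GREETINGS = ("dear customer", "dear user", "dear account holder")
RISKY_EXTENSIONS = (".exe", ".js", ".scr", ".iso", ".docm", ".html")
LINK_RE = re.compile(r'<a\s[^>]*href="https?://([^/"]+)[^"]*"[^>]*>(.*?)</a>', re.I | re.S)
HOST_RE = re.compile(r"[a-z0-9-]+(?:\.[a-z0-9-]+)+", re.I)

def phishing_signs(raw, brands):
    """Return warning signs in one raw message; brands maps brand name -> real domain."""
    msg, signs = message_from_string(raw), []
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # Display name claims a known brand, but the address is on another domain.
    if any(b in display.lower() and domain != d for b, d in brands.items()):
        signs.append("suspicious sender address")
    body = ""
    for part in msg.walk():
        if (part.get_filename() or "").lower().endswith(RISKY_EXTENSIONS):
            signs.append("unexpected attachment")
        elif part.get_content_maintype() == "text":
            body += part.get_payload(decode=True).decode("utf-8", "replace")
    if any(g in body.lower() for g in GENERIC_GREETINGS):
        signs.append("generic greeting")
    for href_host, text in LINK_RE.findall(body):
        shown = HOST_RE.search(text)  # host name displayed as the link text
        if shown and shown.group(0).lower() != href_host.lower():
            signs.append("link text does not match target")
            break
    return signs

# Constructed sample message (not a real email); all domains are placeholders.
SAMPLE = """\
From: "Example Bank Support" <support@examp1e-bank.test>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Dear Customer, verify at <a href="http://login.invalid/verify">www.example-bank.test</a></p>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.docm"

AAAA
--b1--
"""
```

Calling `phishing_signs(SAMPLE, {"example bank": "example-bank.test"})` returns the list of signs found; an empty list means none of these checks fired, not that the message is safe.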

While phishing dates back to the mid-1990s, it remains one of the most successful cyberattacks because it exploits human trust, not just technical vulnerabilities.