Email Phishing Explained

What is it, how does it happen, and why do people do it?

Phishing Tackle

  1. Catalogue
  2. Resources
  3. Phishing Tackle
  4. Email Phishing Explained

How Does Phishing Work?

Click the boxes below to learn more about the three stages of phishing.

  • Phishing: Stage 1

    A website is created with functionality to collect information provided by users.

    Sometimes this is a ‘clone’ of a genuine website, with malicious functionality added before it is published online.

  • Phishing: Stage 2

    The phishing emails are created, with links taking users to the information-harvesting website.

    Attachments may also be used as part of the phishing process, or to attempt to spread malware.

  • Phishing: Stage 3

    The phishing emails are sent to the users.

    Users clicking the links are directed to the website that was created at Stage 1. The website then gathers the information users provide.

What's the Point of Phishing?

Obtaining personal data or sensitive information can allow a cyber-criminal to perform further actions more easily than they could do without it.

Data collected could provide enough for a cyber-criminal to perform identity theft procedures, and then obtain financial services; or, where passwords have been collected, the attacker may be able to compromise accounts (like email accounts), or even gain full remote access to a computer. 

How Big is the Phishing Issue?

The Anti-Phishing Working Group (APWG) state that reported unique phishing campaigns have increased from 173,000 in 2005 to over 1 million in 2018, so it really is a widespread, growing issue.

In mid-2019 the 2019 Email Security Benchmark Survey report by GreatHorn found that 22% of businesses experienced a data breach due to an email-based attack in a three month period. 

Earlier in 2019 the BBC also reported on a phishing scam affecting a fee-paying school in Newcastle, and insurer Ecclesiastical found in their ‘Cyber risk and education’ research that 50% of the schools that had experienced a cyber-attack listed phishing as the attack type.

Why is it Called Phishing?

It’s generally agreed that the earliest phishing attacks, in the mid-90s, targeted AOL users with attempts by cyber-criminals to steal account details and passwords.

This practice was likened to fishing (angling), as the email functioned as a sort of ‘bait’ or ‘lure’, and it only needed a few people to ‘bite’ to make it worthwhile.

The ‘ph’ in phishing replaces the ‘f’ from fishing in a reference to phreaking, a common hacking style in the late 60s and early 70s involving the manipulation of phones and phone networks.

What is Email Spoofing?

Email spoofing is an email with a forged (or ‘spoofed’) sender address.

The email protocols in use around the world were not originally created with information security in mind, and do not incorporate authentication (which would verify the origin of an email message). Spam and phishing emails therefore often use spoofing in an attempt to mislead the user (i.e. trick them in to thinking the message has come from a trusted source).