The intent of a phishing email is to get a user to click a link that executes malicious code on their computer, or to get the user to provide sensitive information, such as a username and password, through a fake form. Phishing emails often impersonate a legitimate company, such as Google or Facebook, or are written to make the user feel that they must act quickly or something bad will happen, such as their account being locked or their pay arriving late. For example, one well-known phishing email appears to come from Microsoft technical support under the heading “Unusual sign-in activity” and urges the recipient to contact support immediately by clicking a link.
Beyond clicking a link or entering information, other common goals of phishing emails are to get the user to call a fake customer service number, open a document that contains macros, or even simply reply to the email. Sophisticated phishing campaigns may operate a working hotline where users are tricked into providing personal information over the phone. Phishing emails can also carry attachments, such as a Microsoft Word document that, when opened, automatically runs a piece of embedded code known as a macro. Macros were designed as a legitimate automation feature, but they can also be used with malicious intent. Finally, replying to a phishing email confirms that the address is active and marks it as a target for future campaigns.
Phishing campaigns are easy to launch, do not require the attacker to be technically skilled, and are so common that in 2019 alone Google blocked 100 million phishing emails aimed at Gmail users.
A strong defense against phishing is knowing how to spot it. Start with the sender's email address and the subject line: is either unfamiliar, or does it contain spelling errors? Be aware, too, that email addresses can be spoofed so that a message appears to come from a legitimate source. Next, look at the body of the email: does it ask you to enter sensitive information or to act quickly? If any part of the email looks suspicious, do not click any link or reply to it. Notify your IT department, and they will guide you through the procedures defined in their policies.
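The checks above (unfamiliar or misspelled sender, a spoofed-looking sender, a request for credentials, pressure to act quickly) can be turned into a simple triage script that a help desk or mail-filtering team might run over a reported message. The following is an added example, not code from the original article: it parses a raw email with Python's standard `email` module and counts which red flags are present. It goes slightly beyond the text by also normalizing common digit-for-letter substitutions so that a lookalike domain such as `micros0ft-helpdesk.com` is caught as resembling a known brand. The `KNOWN_DOMAINS` set, the phrase lists, the verdict thresholds, and both sample messages are constructed for illustration.

```python
"""Heuristic phishing triage for a single raw email message (added example).

Scores a message against the red flags described in the text. Everything
below (known domains, phrase lists, thresholds, samples) is a constructed
assumption for illustration, not an organisation's real configuration.
"""
from email import message_from_string
from email.message import Message
from email.utils import parseaddr

# Domains the organisation actually does business with (constructed list).
KNOWN_DOMAINS = {"example.com", "microsoft.com", "google.com"}

# Phrases that press the reader to act quickly (constructed, illustrative).
URGENCY_PHRASES = (
    "immediately", "within 24 hours", "act now",
    "account will be locked", "unusual sign-in activity", "suspended",
)
# Phrases that ask for sensitive information (constructed, illustrative).
CREDENTIAL_PHRASES = (
    "verify your password", "confirm your username", "enter your password",
    "update your payment", "social security",
)
# Common digit-for-letter swaps used in lookalike domains.
LOOKALIKE_MAP = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def domain_of(address: str) -> str:
    """Return the lowercased domain part of an email address, or ''."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def is_known(domain: str, known: str) -> bool:
    """True if domain is the known domain itself or a subdomain of it."""
    return domain == known or domain.endswith("." + known)


def lookalike_brand(domain: str):
    """Return the brand a domain imitates after undoing digit swaps, else None."""
    normalized = domain.translate(LOOKALIKE_MAP)
    for known in KNOWN_DOMAINS:
        brand = known.split(".")[0]
        if brand in normalized and not is_known(domain, known):
            return brand
    return None


def body_text(msg: Message) -> str:
    """Concatenate all text/plain parts of the message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True)
            if payload:
                charset = part.get_content_charset() or "utf-8"
                chunks.append(payload.decode(charset, errors="replace"))
    return "\n".join(chunks)


def score_message(raw: str) -> dict:
    """Return the red flags found in a raw RFC 5322 message and a verdict."""
    msg = message_from_string(raw)
    flags = []

    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)

    # 1. Sender domain is not one we recognise.
    if not any(is_known(from_domain, k) for k in KNOWN_DOMAINS):
        flags.append(f"unfamiliar sender domain: {from_domain or '<none>'}")

    # 2. Sender domain is a misspelled/lookalike version of a known brand.
    brand = lookalike_brand(from_domain)
    if brand:
        flags.append(f"sender domain resembles {brand!r}: {from_domain}")

    # 3. Display name claims a known brand but the address does not match it.
    for known in KNOWN_DOMAINS:
        known_brand = known.split(".")[0]
        if known_brand in display_name.lower() and not is_known(from_domain, known):
            flags.append(f"display name mentions {known_brand!r} but address is @{from_domain}")

    # 4. Replies are routed to a different domain than the apparent sender.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != from_domain:
        flags.append(f"Reply-To goes to @{domain_of(reply_to)} instead of @{from_domain}")

    # 5./6. Subject and body press for urgency or ask for credentials.
    text = " ".join((msg.get("Subject", "") + " " + body_text(msg)).lower().split())
    urgency = [p for p in URGENCY_PHRASES if p in text]
    if urgency:
        flags.append(f"urgency language: {urgency}")
    creds = [p for p in CREDENTIAL_PHRASES if p in text]
    if creds:
        flags.append(f"requests sensitive information: {creds}")

    score = len(flags)
    verdict = "likely phishing" if score >= 3 else "review" if score else "no flags"
    return {"score": score, "verdict": verdict, "flags": flags}


# Constructed sample modelled on the "Unusual sign-in activity" lure in the text.
SAMPLE_PHISH = """\
From: Microsoft Support <support@micros0ft-helpdesk.com>
Reply-To: recover@mail-recovery.net
To: jane.doe@example.com
Subject: Unusual sign-in activity
Content-Type: text/plain; charset="utf-8"

We detected unusual sign-in activity on your account. Your account will be
locked within 24 hours unless you verify your password immediately at the
link below.
"""

# Constructed benign internal message for comparison.
SAMPLE_LEGIT = """\
From: Payroll Team <payroll@example.com>
To: jane.doe@example.com
Subject: March timesheets are due Friday
Content-Type: text/plain; charset="utf-8"

Reminder: please submit your March timesheet through the HR portal by Friday.
"""

if __name__ == "__main__":
    for label, raw in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        result = score_message(raw)
        print(f"{label}: {result['verdict']} (score {result['score']})")
        for flag in result["flags"]:
            print("  -", flag)
```

The script is deliberately a checklist rather than a classifier: each flag maps back to one question a user is told to ask, so the output can be read aloud to the person who reported the message. Real mail filters layer this kind of heuristic under SPF/DKIM/DMARC results and URL reputation, which this example does not attempt.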