Source: http://www.ssh.com/academy/secure-information-sharing/what-is-email-phishing

What is Email Phishing? | SSH

The term “phishing” comes from the word fishing, because the term describes a scenario in which scammers are fishing for sensitive information by appearing as a trusted authority, like a legitimate official company or a high-status employee.
Email phishing is the most common type of phishing.  

Email phishing is a form of scam in which online attackers send malicious emails to intentionally deceive people. These attacks aim to manipulate email recipients into handing over sensitive data such as financial information, business secrets, login information, or system credentials. The most commonly used technique is to create a sense of fear and urgency that pushes people to perform an action, like clicking a malicious link or downloading a file containing malware.

Additionally, email phishing is a social engineering technique. Online attackers use social engineering with the aim of understanding user behavior, so they can create manipulative techniques and subsequently scam people. The goal of social engineering is to direct and manipulate users into acting without thinking about their actions.

 

Contents

High-risk industries for email phishing
Types of email phishing 
How does email phishing work? 
An example of email phishing 
Typical phrases used in phishing emails 
How to secure your email from email phishing 
How to protect your organization from email phishing

 

High-risk industries for email phishing

Here are a few examples of the industries that are commonly targeted by email phishing:

Banks and financial institutions

The common goal of many cyber-attacks is financial gain. Thus, targeting financial institutions, which handle vast amounts of money, is extremely common.

Social media

Another common goal of online attackers is identity theft. By impersonating a trusted social media network, attackers aim to collect login information and steal connected accounts and personal information.

Online stores (e-commerce)

By posing as e-commerce stores, cyber-criminals aim to steal financial information like credit card data.

Types of email phishing

Malicious web links

Using malicious links is typical in phishing emails. When an email recipient clicks on a malicious link, it typically takes the user to a fraudulent website or a webpage that is infected with malicious software, also known as malware.

Fraudulent links are made to appear trustworthy by using logos, company names, and credible images within the email. However, after a closer inspection, it is possible to spot errors or anomalies in the link. (More on how to secure your email from email phishing below.) 

Malicious attachments

Malicious email attachments might look like legitimate file attachments, but they are actually infected with malware that can compromise computers and their files.

For example, in the case of ransomware (a type of malware), all of the files on the computer could become inaccessible. Another example of a malicious attachment is a keystroke logger, an app/software that could be installed to track everything a user types, including passwords. 

Additionally, malware infections can spread from an infected computer to other networked devices such as servers and cloud systems. 

Scammy data entry forms

These emails direct users to data entry forms to fill in sensitive information such as user IDs, passwords, credit card data, or phone numbers. Once users submit their information, it can be used by online criminals.

 

How does email phishing work?

Anyone can be a target of email phishing – it can happen in one’s personal email as well as business email at work. The consequences of email phishing are severe in both cases.

Email phishing targeting personal email

The intention of most phishing schemes is to steal your login credentials (your username or email address and the associated password).

Problems that can come from email phishing attacks on your personal email include, for example:  

Charges on your credit card
Money stolen from your bank account
Loans opened in your name without your consent
Fake social media posts
Ransomware to extort money from you
Tax returns filed in your name
Lost access to important documents
Wire transfers to an attacker’s account

Email phishing targeting business email

Cybercriminals target businesses to gain access to sensitive information, data, business secrets, and money. Falling for an email phishing scam at work can lead to serious consequences including, for example:

Unauthorized access to confidential systems, files and communication
Important files can become inaccessible
Business reputation can be damaged
Company’s value decreased and investor confidence reduced
Loss of corporate funds
Interruption of revenue-impacting productivity

An example of email phishing

Mary receives an email from her bank saying that she needs to update her credit card PIN as a security measure within the next 24 hours. She takes action quickly and follows the link provided in the email. She provides her credit card PIN and updates her so-called new credit card information, after which the website becomes unresponsive.

In a few hours, she notices a big purchase made on a random website with her credit card. She contacts her bank, and it turns out the email was not from her bank. It was an email phishing scam.

 

Typical phrases used in phishing emails

Online attackers most often use the word ‘request’ in phishing email subject lines, as the subject line is the first attempt to lure victims into opening the email and clicking a malicious link or downloading a malware attachment.

Other popular key phrases can be: ‘follow up’, ‘urgent’, ‘important’, ‘payment status’, ‘invoice due’, ‘direct deposit’, ‘expenses’, and ‘payroll’. 

 

How to secure your email from email phishing

One of the key precautions you can follow is to take time to read and evaluate the information being sent to you, starting with the email sender and subject line and continuing with the email content, including images, logos, and most importantly links and possible attachments. Be cautious no matter what the email is suggesting.

Email phishing warning signs

A feeling of urgency and requests for personal data via embedded links are all warning signs. Take a good look at the sender’s email address. The email address often emulates legitimate company or authority names, but there might be small changes and errors in letters.
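The warning signs described on this page (the typical subject-line phrases, a sender address with small letter changes, and a link whose visible text differs from where it points) can be checked mechanically when triaging a reported message. The Python below is an added example, not code from SSH; the trusted-domain list, the edit-distance threshold of 2 and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Subject-line phrases listed in the article.
PHRASES = ("request", "follow up", "urgent", "important", "payment status",
           "invoice due", "direct deposit", "expenses", "payroll")
# Assumption: domains this mailbox legitimately hears from (constructed).
TRUSTED_DOMAINS = {"examplebank.com", "example.org"}

LINK_RE = re.compile(r'<a\s[^>]*href="https?://([^/"]+)[^"]*"[^>]*>(.*?)</a>', re.I | re.S)
HOST_RE = re.compile(r'(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})', re.I)

# Constructed sample modelled on the "update your PIN within 24 hours" story.
SAMPLE = """\
From: "Example Bank" <security@examp1ebank.com>
To: mary@example.org
Subject: Urgent: request to update your card PIN
Content-Type: text/html

<p>Update your PIN within 24 hours:
<a href="http://examplebank.com.login-update.example.net/pin">www.examplebank.com</a></p>
"""


def edit_distance(a, b):
    """Levenshtein distance, used to catch small letter changes in a domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def bare(host):
    """Lower-case a host name and drop a leading 'www.' before comparing."""
    return re.sub(r"^www\.", "", host.lower())


def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, or None."""
    if domain in TRUSTED_DOMAINS:
        return None
    return next((t for t in TRUSTED_DOMAINS if edit_distance(domain, t) <= 2), None)


def triage(raw_message):
    """Return the warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    findings = []
    subject = (msg.get("Subject") or "").lower()
    hits = [p for p in PHRASES if p in subject]
    if hits:
        findings.append("subject phrases: " + ", ".join(hits))
    sender = bare(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    if lookalike_of(sender):
        findings.append(f"sender domain {sender} resembles {lookalike_of(sender)}")
    body = "".join(part.get_payload(decode=True).decode("utf-8", "replace")
                   for part in msg.walk() if not part.is_multipart())
    for target, text in LINK_RE.findall(body):
        shown = HOST_RE.search(text)  # host name the reader sees in the link text
        if shown and bare(shown.group(1)) != bare(target):
            findings.append(f"link text shows {bare(shown.group(1))} but points to {bare(target)}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A message with no findings is not thereby safe; the checks only surface the specific signs named above for a human reviewer.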

Avoid clicking pop-ups and links

Avoid clicking any links provided unless you are absolutely certain that the email comes from a trusted source. Online attackers change the location of the “close” or “X” button on a pop-up window to trick users into opening a malicious site or downloading malware.

Protect your credentials

Secure your valuable information by changing your passwords frequently or by using a solution that protects your credentials for you. Make sure that your communication and data are well protected from malware by using updated data protection software.

Businesses are offered a variety of security tools – make sure that you select the right tools suitable for your business. The right secure business communication tools will offer businesses high-level, robust security and encryption in line with industry regulations and data privacy laws. 

Don’t provide credit card or other financial data easily 

Don’t share financial or credit card data on a website that you are not familiar with. You should always deal with great caution with a website or an email that promises gifts or quick wins. 

Email phishing and remote working

Remote working can create a risk for data protection as users often don’t have enterprise-level cybersecurity at home unless their employer provides the right tools. This may offer the attackers a higher chance of a successful email phishing campaign. It is extremely important for organizations to train their employees to be aware of online threats, such as email phishing.

Update software and firmware

Software and firmware developers release updates to remediate bugs and security issues. Remember to always install these updates to make sure known vulnerabilities are no longer present in your infrastructure.

Use encrypted emails

Email encryption is a process that prevents messages from being read by an unintended or unauthorized individual. It scrambles the original sent message and converts it into an unreadable format. Email encryption is essential, especially for businesses, when sharing sensitive information via email.

Verify sender and recipient

If you are sending sensitive or critical information, use a solution that verifies the sender before allowing the transmission of the email. Strong identification includes biometric, password-based, or token-based authentication. It is good practice to force the recipient to verify their identity before getting access to the email.

These two methods combined make email phishing more difficult to achieve. 

Use multi-factor authentication (MFA)

MFA is an authentication method that requires the user to provide two or more verification factors to gain access to a resource. Rather than just asking for a username and password, MFA requires one or more additional verification factors, such as a PIN code sent via text message, which decreases the likelihood of a successful cyberattack.

 

How to protect your organization against email phishing

There are ways for organizations to mitigate the risk of email phishing. We at SSH Communications Security recommend businesses send emails containing sensitive or critical information only by using solutions with enterprise-grade security.

An easy way to do that is to use encrypted secure email, like our SalaX Secure Mail. Its robust encryption ensures that the message cannot be intercepted in transit, and the sender-recipient verification and MFA give you the confidence that the email has been sent from a legitimate source and has been received only by the intended recipient(s).  


 

© Copyright SSH • 2025