Skip to main content
0
  1. Wiki/

Email Wiki: What is Phishing Email

Table of Contents

Phishing Email is a type of cybercrime where attackers impersonate trusted senders (such as system administrators, banks, government agencies, colleagues, or partners) to send fraudulent emails to targets, tricking recipients into revealing sensitive information (like account passwords, bank card numbers) or performing dangerous actions (such as clicking malicious links, downloading infected attachments, or transferring money directly)

What is Phishing

Attack Mechanisms #

1. Identity Impersonation:

The “display name” of the sender’s address is often forged to appear as an authority or contact, but the actual email domain may contain spelling errors or abnormalities (for example, variants imitating “xxb.ecust.edu.cn”). Some emails use technical means to “spoof” the source address, making the email appear to come from a legitimate sender (known as “spoofing attacks”).

2. Deception Techniques:

  • Malicious Links: Direct users to visit fake websites (such as fake bank pages), where entered account passwords are immediately stolen.
  • Dangerous Attachments: Contain Trojan programs or spyware that, when opened, automatically infect devices to steal data or launch further attacks.
  • Psychological Manipulation: Exploit urgent situations (such as “account anomalies” or “tax refund rewards”) or authoritative instructions (such as “leader requests fund transfer”) to lower the victim’s vigilance.

Identifying Characteristics #

  • Suspicious Sender: Email address doesn’t match the claimed identity or contains non-standard domains.
  • Abnormal Content: Contains grammatical errors, coercive language, or requests for passwords, verification codes, or other sensitive information.
  • Link/Attachment Risks: Links point to unofficial websites (such as disguising “icbc.com.cn” as “icbc-bank.net”). Attachments are executable files (such as .exe), compressed packages, or disguised as invoices/documents.

Protective Measures #

  • Technical Protection: Email systems (such as Microsoft Outlook) verify sender authenticity through “anti-spoofing intelligence,” marking suspicious emails as “unverified” (sender image shows “?”) or categorizing them as spam.
  • User Action Guidelines: Verify the authenticity of sender email addresses, avoid clicking unverified links or attachments. Remain vigilant about emails requesting sensitive information or money transfers, and confirm through official channels. Use the “report phishing” feature in email clients to help platforms block attacks.

Impact and Purpose #

Phishing emails aim to steal financial information, plant malware, implement ransomware, or infiltrate internal networks. Their success relies on social engineering, exploiting human psychological vulnerabilities rather than technical flaws, making user security awareness a key defense component.

Alibaba Email - More Product Services