Common Characteristics of Phishing

This is a guest post by Joe Schembri. If you are interested to guest post in this blog, just head over to the Guest Post Guidelines.


The Internet has made ecommerce, banking, and other financial transactions easy and convenient, which has attracted millions of users worldwide to the Web to manage bank accounts, monitor credit card statements, and purchase goods and services.

Unfortunately, it has also attracted thieves who exploit the trust of average consumers by tricking them into revealing user names and passwords, account numbers, and other financially sensitive data.

Phishing is one of the techniques criminals use to acquire this information. Phishing most often takes the form of electronic communication, such as email, but can also be present in instant messaging and other communications.

These communications are carefully disguised to look like they come from common websites, auction sites, banking institutions, and online payment processing sites.

They often use a related technique called email spoofing, which masks the real email address and makes it appear that the email comes from a legitimate website or business.

Phishing scams often begin by alerting the recipient to a fictional breach in their account and asking them to reply to the email with specific account information. Other phishing scams include a link in the email.

Once an unsuspecting recipient clicks on the link, they are directed to a phony website that is designed to look and function almost exactly like the real site.

Once on the phony site, users may then enter login information or provide other secure information that the site captures and uses to defraud the user. Sometimes, phishing scams install malicious programs or viruses on the user’s machine if they click on the links in the message.

Signs to Look For

Consumers should examine all incoming email from any sites or institutions that they have accounts with or have conducted business with. Phishing emails often request the recipient to complete a specific action, such as submitting a payment or verifying a credit card number, account information, or social security number, or revealing user names and passwords.

Less sophisticated phishing scams may use web-based email, such as Gmail or Yahoo! to generate an email address that looks like it comes from a reputable source, such as

This should be an instant red flag as nearly every company that conducts secure web transactions will use email addresses from its own domain. Legitimate email addresses usually have the company name in the “at” section, such as

Even if the email appears to come from a legitimate email address, due to fraud and security issues, most reputable companies will never request users to send any sensitive information via email.

What to Do If You Suspect Phishing

Any email, regardless of the originating email address, that requests the recipient to share any financially sensitive or personal information, is suspect. Recipients should refrain from clicking on any links in the email and should immediately delete the suspicious message.

Recipients should also alert the website or company that the suspicious email supposedly came from so that they can take appropriate steps to protect their customers.

If you’re not sure whether the message is genuine or not, contact the institution directly by visiting their website (not the link in the email) or calling the phone number on your statement or the back of your bank card. By taking these simple precautions, you can protect yourself from phishing-related fraud.


About the Author: These security tips were provided by Joe Schembri with Villanova University’s CISSP certification prep courses. In addition to training courses, Villanova also offers articles about different strategies and jobs.

Build Your Own Security
Subscribe to my newsletter and get a copy of my eBook for free.
We hate spam just as much as you

Related posts:

  1. Tumblr Bloggers Hit by Phishing
  2. How I Escaped from Maybank2u Email Phishing Scam
  3. Apple iCloud Phishing is Back Again


  1. Aditya says:

    Hi Joe,
    I totally agree with you ,Now a days everyone is doing their transactions online which has to be safe.But there are some hackers who send spam e-mails which have links and if you made click on them your transaction details are automatically fetched up.Phishing attacks now a days are very common and you should be careful while dealing with your online transactions.

    You have provided a good piece of information on this topic and how to stay safe if you are approached by these suspicious links.
    Aditya recently posted..ERP CRM Softwares Solutions ProvidersMy Profile

  2. Bhushan

    Hey Joe,
    phishing is very very bad thing at this time but it is common now a days.It should be very punishable offense. the spam mails and any other resource which is response for phishing should be restricted.
    It really Hurts so much.
    thanks for this post which give us more knowledge after this we can prevent from any hurting related to spamming.
    Bhushan recently posted..Inventory Management Software SystemMy Profile

  3. Zainil

    Nice post Joe Schembri! 🙂
    Between, I had heard that there is a browser named Epic, which has an anti phishing feature inbuilt in it! 🙂
    Zainil recently posted..Rising Interest for Voice Recognition AppsMy Profile

  4. Brij Taneja says:

    Phishing should be stopped somebody has to do actions against them.

  5. Zukidaru Ru says:

    Hey Joe, nice post. Phishing is particularly vulnerable on emails, phishing is done ​​by the hacker when a message is sent by the MUA sender to MUA recipient through the Internet.
    Zukidaru Ru recently posted..GOOGLE+: Get better results with a system authorshipMy Profile

Speak Your Mind


CommentLuv badge

This blog uses premium CommentLuv which allows you to put your keywords with your name if you have had 3 approved comments. Use your real name and then @ your keywords (maximum of 3)