Module 01 — Phishing Emails

What Is a Phishing Email?

Phishing emails are fraudulent messages designed to trick you into revealing sensitive information — passwords, credit card numbers, or account details — or to install malware on your device.

Attackers craft these emails to look legitimate, often impersonating trusted organizations like your bank, a government agency, or even your own company's IT department.

⚠ 91% of all cyberattacks begin with a phishing email. It's the #1 vector for corporate breaches worldwide.

Real Example: Anatomy of a Phishing Email

Study this simulated phishing email carefully. The highlighted areas are red flags — hover over them to understand why.

⚠ Urgent: Your PayPal Account Has Been Limited

From: service@paypa1-secure.com

To: you@yourcompany.com

Date: Mon, 14 May 2026, 02:34 AM

Subject: Urgent: Your PayPal Account Has Been Limited

PayPal

Dear Valued Customer,

We have detected unusual activity on your PayPal account. To avoid permanent suspension, you must verify your identity within 24 hours.

Click below to restore access:

Verify My Account Now

If you do not verify, your account will be permanently suspended.

Regards,
PayPal Security Team

🚩 Red Flags Identified

1Fake sender domain: "paypa1-secure.com" — the "l" in PayPal is replaced with the number "1". Legitimate PayPal emails only come from @paypal.com.

2Generic greeting: Real companies address you by your registered name, not "Valued Customer".

3Artificial urgency: "24 hours" and "permanent suspension" are pressure tactics to make you act without thinking.

4Suspicious link: The button likely leads to a fake site. Always hover over links to preview the destination before clicking.

5Mismatched footer URL: The footer link leads to "paypal-account-verify.net" — not the official paypal.com domain.

6Sent at 2:34 AM: Attackers often send phishing emails in off-hours hoping you're less alert.

Common Phishing Email Types

Spear Phishing — Targeted attacks using your name, role, or company details to appear more convincing.
Whaling — Phishing aimed specifically at executives (CEO, CFO). High-value targets.
Business Email Compromise (BEC) — Attacker impersonates your boss and asks you to transfer funds or share credentials.
Clone Phishing — A legitimate email is copied and resent with malicious links replacing the originals.
Smishing — Phishing via SMS text messages instead of email.

🎯 Spear phishing is 3x more successful than generic phishing because it feels personal. Always verify requests — even if an email seems to know your name.

How to Verify a Suspicious Email

Check the sender's full email address — not just the display name.
Hover over all links before clicking to see the real destination URL.
Call the sender directly using a phone number from official sources — never from the email.
Look for spelling/grammar errors (they're often deliberate to bypass spam filters).
Check if the email matches previous communications from that organization.
When in doubt — report it to your IT/security team. Never guess.

💡 Pro tip: Enable "Show full headers" in your email client to see the real routing path of any suspicious email.

PHISHING EMAILS