MailSafi Glossary of Terms

Phishing email

An email used as a tool to carry out fraudulent activities like stealing and misusing personal information is called a phishing email.

Here is an example of a phishing email:

In the above example, the sender's identity is spoofed to establish trust. The subject of the email has a sense of urgency, which increases the chances of a response. If the target downloads the file, it will result in a security compromise that will pose an immediate threat to user's confidential information like passwords, bank account details, business email compromise (BEC), and more.

How to prevent phishing

• Identify and avoid acting on phishing email: Phishing is done with a spoofed identity. Checking the sender's name, email address, and domain name before responding to any email can mitigate the risk of falling victim to a phishing trap. Some typical tell-tale signs of a phishing email are:

- A sense of urgency in the email

- Request for immediate action…or else…

- Email contains a request for personal/confidential information

- Offer of financial rewards

- Instructions to download files (these are likely to contain malware)

• Create awareness among employees: Security and privacy standards are only as strong as your weakest link. Because employees are susceptible to phishing attacks, they must be given all the information they will need in case there is an attempt to breach security and privacy. This will help minimize cases of security breaches in phishing

• Implement SPF, DKIM and DMARC: Configuring these protocols in DNS allows for email authentication, which assures that the sender’s identity is verified. They also allow for email encryption. Encrypted messages indicate that the email's content has not been tampered with.