What is Email Phishing? Definition and Real-life examples

August 1, 2019

What is Email Phishing? A Definition

‘Phishing’ is a cyberattack in which email is the weapon. Victims are tricked into thinking an email is from a legitimate source. The email then lures them into taking some action, either providing sensitive data, downloading a file or simply clicking a link.

The term "Phish" is pronounced as it's spelled. It’s an analogy for fishing: casting out a baited hook and hoping someone bites. The term first arose in the mid-1990s, making it one of the oldest types of cyberattack around. Unfortunately, it’s still very lucrative and as a result remains one of the most popular types of cyberattack globally.

A phishing attack is often just a ‘foot in the door’ for a hacker, and if it's successful it can lead to more devastating results for an organisation: stolen funds, IP and customer data, all of which lead to lost reputation and consumer trust.

Many of the most famous hacks in history began life as humble phishing attacks...

Real-life examples of successful Email Phishing attacks

What is a Phishing Kit?

A phishing kit is simply a bundle of web resources and tools that a hacker installs on a server to send out emails to mailing lists of victims. The ready availability of phishing kits on the Dark Web means that criminals need not have any technical skills to launch successful phishing campaigns to millions. This ease of use is one of the main reasons why the number of phishing emails in circulation just keeps growing.

What is Spear Phishing?

In the more sophisticated attacks, hackers will masquerade as somebody the target will plausibly trust, like a real person from a company they do business with. The target is then asked to provide sensitive data such as banking and credit card details, and passwords.


Conor O'Neill Pentester and OnSecurity CoFounder

About Conor O'Neill

Conor is our Co-Founder and Head of Product Strategy at OnSecurity. Conor has over a decade of IT security experience, and has held a number of impressive letters after his surname, including M.Sc, CRT, GCIH and CISSP.
