{"id":140659,"date":"2023-12-15T11:55:35","date_gmt":"2023-12-15T11:55:35","guid":{"rendered":"https:\/\/www.techopedia.com"},"modified":"2023-12-15T16:19:55","modified_gmt":"2023-12-15T16:19:55","slug":"anatomy-of-a-phishing-attack-how-hackers-trick-you","status":"publish","type":"post","link":"https:\/\/www.techopedia.com\/anatomy-of-a-phishing-attack-how-hackers-trick-you","title":{"rendered":"Anatomy of a Phishing Attack: How Hackers Trick You"},"content":{"rendered":"<p>They&#8217;ve been used against us for over two decades, so <a href=\"https:\/\/www.techopedia.com\/definition\/4049\/phishing\">phishing attacks<\/a> are hardly new. They have evolved, however. No longer limited to email, they can also be delivered by <a href=\"https:\/\/www.techopedia.com\/definition\/4837\/social-media\">social media<\/a> and <a href=\"https:\/\/www.techopedia.com\/definition\/24275\/short-message-service--sms\">SMS text messages<\/a>. It&#8217;s the ever-evolving delivery of the same old scams in new clothing.<\/p>\n<h2><span id=\"modern-day_phishing_the_minefield_in_your_mailbox\">Modern-Day Phishing: The Minefield in Your Mailbox<\/span><\/h2>\n<p>Phishing is a form of <a href=\"https:\/\/www.techopedia.com\/definition\/24748\/cyberattack\">cyberattack<\/a> that is delivered predominantly by email. In a <a href=\"https:\/\/docs.broadcom.com\/doc\/istr-22-2017-en\" target=\"_blank\">2017 report by Symantec<\/a>, they determined that there were 135 million phishing emails sent every day, and 1.5 million fraudulent websites were created every month to facilitate these scams.<\/p>\n<p>Those are big figures. Two factors make phishing attacks popular with cybercriminals or &#8220;<a href=\"https:\/\/www.techopedia.com\/definition\/threat-actor\">threat actors<\/a>.&#8221; Firstly, they are easy attacks to conduct. At its most basic level, a phishing attack is the simplest form of cyberattack. All you need to do is send emails. The second reason is phishing scams are successful. People are duped by them all the time. It&#8217;s a threat actor&#8217;s dream \u2013 a simple attack that works.<\/p>\n<h2><span id=\"the_anatomy_of_a_phishing_attack\">The Anatomy of a Phishing Attack<\/span><\/h2>\n<p>The basic premise is a phishing email mimics an email from a genuine entity. It may masquerade as an email from an organization you recognize, like <a href=\"https:\/\/www.techopedia.com\/definition\/1564\/paypal\">PayPal<\/a>, <a href=\"https:\/\/www.techopedia.com\/definition\/4957\/twitter\">X (formerly Twitter)<\/a>, or <a href=\"https:\/\/www.techopedia.com\/definition\/4941\/facebook\">Facebook<\/a>. It might impersonate a figure of authority, such as a law enforcement agency or a senior executive in your own organization.<\/p>\n<p>The email tries to compel you to perform an action.<\/p>\n<ul>\n<li>It may ask you to click a link that takes you to a fraudulent copy of a genuine website. When you log in, they harvest your <a href=\"https:\/\/www.techopedia.com\/definition\/10259\/credentials\">credentials<\/a>, which they can use on the genuine website \u2013 or any other system where you&#8217;ve used the same ID and <a href=\"https:\/\/www.techopedia.com\/definition\/4042\/password\">password<\/a><\/li>\n<li>It may try to get you to open a malicious attachment that will infect your computer and <a href=\"https:\/\/www.techopedia.com\/definition\/5537\/network\">network<\/a> with <a href=\"https:\/\/www.techopedia.com\/definition\/4015\/malicious-software-malware\">malware<\/a>, such as <a href=\"https:\/\/www.techopedia.com\/definition\/4337\/ransomware\">ransomware<\/a>.<\/li>\n<li>It might try to coerce you into making a payment. Not only do they get the money from the payment, they also obtain your credit card details.<\/li>\n<li>Emails that appear to be from senior executives or board members try to persuade personnel in the accounts department to make a transfer to a customer or supplier. The bank details provided are those of the threat actor, of course.<\/li>\n<\/ul>\n<p>With hundreds of millions of phishing emails being sent every day, it&#8217;s no surprise that they are successful. If you have enough shots at a goal, some of them will go in. Whether someone falls for a phishing email or not isn&#8217;t always a reflection of their intelligence. Anyone can make a mistake in haste.<\/p>\n<p>If the message in the phishing email happens to strike a chord with you, it&#8217;s very easy to take it at face value and react to it without stopping to think. Which is just what the threat actors are hoping for. And new users come to the <a href=\"https:\/\/www.techopedia.com\/definition\/2419\/internet\">Internet<\/a> all the time, both young and old. They&#8217;re not experienced in spotting these types of scams.<\/p>\n<p>See our guide to <a href=\"https:\/\/www.techopedia.com\/password-manager\/how-do-hackers-steal-passwords\">how hackers steal passwords<\/a> for more information on how fraudsters obtain login details.<\/p>\n<h2><span id=\"setting_up_the_phishing_attack_psychological_warfare\">Setting Up the Phishing Attack: Psychological Warfare<\/span><\/h2>\n<p>The wording of phishing emails has changed a lot over the years. Twenty years ago, it was common for them to have outlandish cover stories involving lost inheritances, Nigerian princes, and the widows of retired spies.<\/p>\n<p>They were badly written and peppered with poor grammar and spelling mistakes. There&#8217;s a theory that says they were written this way because if none of that put you off, you were probably gullible enough to fall for the trap.<\/p>\n<p>That theory doesn&#8217;t stand scrutiny, however. If you&#8217;re not bothered by the ridiculous cover story and bad grammar, you&#8217;re likely to be someone at the lower end of the educational spectrum. And probably in a lower-paid job. Why would the scammers purposefully filter out everybody else and focus on the least well-off segment of society?<\/p>\n<p>Nowadays, most phishing emails are skillfully put together. They have the appropriate <a href=\"https:\/\/www.techopedia.com\/definition\/10195\/logo\">logos<\/a>, footers, disclaimers, and other company liveries so that they look real. Attention is paid to grammar and spelling so they sound real.<\/p>\n<p>And above all, they are phrased to generate a sense of urgency so that the victims are more likely to react immediately and get snared. Psychology and an understanding of human nature are involved in the setting of the trap.<\/p>\n<p>These are <strong>typical subjects for phishing emails<\/strong>:<\/p>\n<div class=\"su-table su-table-responsive su-table-alternate\">\n<table width=\"624\">\n<tbody>\n<tr>\n<td style=\"text-align: center\" width=\"195\"><strong>Subject<\/strong><\/td>\n<td style=\"text-align: center\" width=\"429\"><strong>Description<\/strong><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left\" width=\"195\"><strong>Account Compromise\/Closure<\/strong><\/td>\n<td style=\"text-align: left\" width=\"429\">Your <a href=\"https:\/\/www.techopedia.com\/definition\/13458\/user-account\">account<\/a> has been compromised or is about to be closed, or you need to verify your credentials. If you think your PayPal, Netflix, or other account is going to be closed, you&#8217;re likely to try to stop that happening.<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left\" width=\"195\"><strong>Fake Purchase Notifications<\/strong><\/td>\n<td style=\"text-align: left\" width=\"429\">We&#8217;ve got news about your recent purchase. If you haven&#8217;t made a purchase, quickly logging in to check whether someone has had illegal access to your account is a reasonable response. This uses the fear of a cyberattack to propel you into falling for a genuine cyberattack.<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left\" width=\"195\"><strong>Tax Rebate\/Prize<\/strong><\/td>\n<td style=\"text-align: left\" width=\"429\">You have a tax rebate, or you&#8217;ve won a prize. The chance of free money is a great way to get people to react. These types of phishing attacks may harvest your login credentials, or they may ask for the credit card you want to have the rebate made to. And then they have your credit card details too.<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left\" width=\"195\"><strong>Fake Invoices<\/strong><\/td>\n<td style=\"text-align: left\" width=\"429\">Invoice attached. Invoice \u2013 for what? Your natural reaction is to open the attached Word document or <a href=\"https:\/\/www.techopedia.com\/how-to\/how-to-remove-a-password-from-a-pdf-file\">PDF<\/a> to see who thinks you owe them money.<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left\" width=\"195\"><strong>Malicious Word Document Attachments<\/strong><\/td>\n<td style=\"text-align: left\" width=\"429\">The attachments are not documents, despite their appearance. They are disguised applications that install malware when you click on them. Less common, but still a viable threat, is the attachment is a genuine Word document. One that harbors malicious <a href=\"https:\/\/www.techopedia.com\/definition\/3833\/macro\">macros<\/a> in it.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<h2><span id=\"all_brands_available\">All Brands Available!<\/span><\/h2>\n<p>Phishing emails have been created to <a href=\"https:\/\/www.techopedia.com\/definition\/4275\/exploit\">exploit<\/a> users of just about any online system or service you can think of. You might ask, what good is my Twitter account to a cybercriminal? They don&#8217;t want your Twitter account. They want to get their hands on a set of <a href=\"https:\/\/www.techopedia.com\/definition\/342\/authentication\">authentication credentials<\/a> that you use.<\/p>\n<p>People have a dreadful habit of using the <a href=\"https:\/\/www.techopedia.com\/how-to\/how-to-create-a-strong-password\">same password again and again<\/a>, all over the web. Once the threat actors have your login details for one system, they&#8217;ll pop them into an automated script that&#8217;ll try them on every popular web service.<\/p>\n<p>And getting an email telling you to verify your credentials on something as innocuous as Twitter isn&#8217;t going to ring the same alarm bells that a similar message would from, say, a payment service such as PayPal.<\/p>\n<p>The threat actors work the numbers so the odds are in their favor. If you get an email saying your account has been compromised on a service that you don&#8217;t even subscribe to, that&#8217;s something of a giveaway that it&#8217;s a phishing email.<\/p>\n<p>That&#8217;s why they often pick on popular platforms like Twitter, Facebook, and Instagram because so many people have one of those accounts.<\/p>\n<h3>Where Do They Get All the Email Addresses?<\/h3>\n<p><a href=\"https:\/\/www.techopedia.com\/definition\/13601\/data-breach\">Data breaches<\/a> seem to be a fact of modern life. There&#8217;s always some organization or other in the news admitting they&#8217;ve been breached and lost data. Everyone from Facebook to LinkedIn, from British Airways to Marriott Hotels, has lost millions of personal records in the last few years.<\/p>\n<p>The <a href=\"https:\/\/www.techopedia.com\/definition\/807\/data\">data<\/a> from all the breaches are gathered into huge collections that are available on the <a href=\"https:\/\/www.techopedia.com\/definition\/31562\/dark-web\">Dark Web<\/a>. Threat actors can purchase the data at extremely low cost, and feed it into <a href=\"https:\/\/www.techopedia.com\/definition\/31065\/automated-system-operations-aso\">automated systems<\/a> that send the emails out.<\/p>\n<h2><span id=\"different_types_of_phishing_emails_what_to_expect\">Different Types of Phishing Emails: What to Expect<\/span><\/h2>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-141014\" src=\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/Types-of-Phishing-Emails.jpg\" alt=\"Types of Phishing Emails\" width=\"1390\" height=\"851\" srcset=\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/Types-of-Phishing-Emails.jpg 1390w, https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/Types-of-Phishing-Emails-300x184.jpg 300w, https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/Types-of-Phishing-Emails-1024x627.jpg 1024w, https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/Types-of-Phishing-Emails-768x470.jpg 768w, https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/Types-of-Phishing-Emails-1200x735.jpg 1200w\" sizes=\"(max-width: 1390px) 100vw, 1390px\" \/><\/p>\n<p>There are a variety of phishing attacks, each using a type of psychological tactic, such as instilling a sense of fear and\/or urgency, pretending to be an authority, or even playing on the caring personalities of people to guilt you into doing what they want.<\/p>\n<p>Knowing the different types of phishing methods will help you understand the tactics they use, and help you recognize the signs before it&#8217;s too late.<\/p>\n<h3>Unsophisticated Phishing<\/h3>\n<p>These emails are very simple, involving nothing more than, well, an email. There is no infrastructure or <a href=\"https:\/\/www.techopedia.com\/definition\/14384\/software-framework\">framework<\/a> behind them to make the scam more believable. Even these primitive scams have a number of variants.<\/p>\n<ul>\n<li>They may ask you to get in touch by email or phone to discuss your prize, inheritance, or other good news. Over the course of several phone calls, you&#8217;ll be asked for bits of information so that the prize can be transferred into your bank account. The transfer takes place, but it is a withdrawal, not a deposit.<\/li>\n<li>The email may try to scare you into making a payment. Typically they look like they&#8217;ve come from the FBI or another law enforcement agency. They&#8217;ll accuse you of <a href=\"https:\/\/www.techopedia.com\/definition\/394\/download-dl\">downloading<\/a> music, films, pornography, or of non-payment of a speeding or parking offense or other invented allegation. To keep the matter out of court and prevent the fine from increasing, you&#8217;re encouraged to pay the outstanding charges right away. A phone number \u2013 in a strangely distant country \u2013 is provided to take your credit card details.<\/li>\n<li><a href=\"https:\/\/www.techopedia.com\/how-to-avoid-bitcoin-and-cryptocurrency-scams\">Sextortion<\/a> is a similar racket. The email will say it&#8217;s from a <a href=\"https:\/\/www.techopedia.com\/definition\/3805\/hacker\">hacker<\/a> who has hacked your computer and knows you&#8217;ve visited a pornography site. They&#8217;ll show you the <a href=\"https:\/\/www.techopedia.com\/definition\/4153\/username\">username<\/a> and password that you&#8217;ve used on the site. Whilst watching the pornography, the hacker was filming you through your <a href=\"https:\/\/www.techopedia.com\/definition\/5333\/webcam\">webcam<\/a>. To prevent friends, family, and colleagues from receiving the webcam footage, you need to pay in <a href=\"https:\/\/www.techopedia.com\/definition\/27193\/bitcoin-btc\">bitcoins<\/a>. The username and password are ones you&#8217;ve used before, you recognize them. But you can&#8217;t ever remember doing what they&#8217;ve said \u2013 what&#8217;s going on? Nothing. It&#8217;s just a scare tactic. All that&#8217;s happening is a sort of <a href=\"https:\/\/www.techopedia.com\/definition\/1686\/mail-merge\">mail merge<\/a>. Along with the email addresses, the databases from the Dark Web contain the passwords that were used on the site when the data was stolen. As each email is addressed, the matching password is inserted into the body of the email. This makes it look like the scammers have some inside knowledge about you.<\/li>\n<\/ul>\n<p>These phishing attempts are nothing more than brazen emails asking for money or credentials. And yet they find victims every day.<\/p>\n<h3>Phishing With Copycat Websites<\/h3>\n<p>Phishing emails that are backed with a <a href=\"https:\/\/www.techopedia.com\/definition\/7125\/facsimile-fax\">facsimile<\/a> website provide a more compelling and convincing experience for the victim. The email&#8217;s purpose is to pique their interest, raise their worries, or make them panic. To check if what the email says is true, the victim clicks the link that takes them to the copycat website. The website confirms what the email said, so they assume the email is genuine.<\/p>\n<p>Like all phishing scams, they can be reskinned very quickly. Whatever is in the news will be used as fodder for phishing emails. There is software available that can take a copy of the login page from a genuine website. The threat actors don&#8217;t even have to come up with their own forgery. They use the &#8220;real&#8221; page and modify it extremely quickly.<\/p>\n<p>If there is a genuine data breach on a popular site, such as Facebook, the threat actors send out emails ostensibly from Facebook, offering advice about the data breach and providing a link for you to follow to verify your account hasn&#8217;t been compromised. Needless to say, the site the link takes you to is their own copycat site.<\/p>\n<p>These types of phishing attacks are seasonal too. At the end of the tax year, they&#8217;ll be reconfigured to look like tax office websites to back up the pretense that the tax refund phishing emails are genuine. In the run-up to December, they&#8217;ll be reskinned to impersonate courier companies.<\/p>\n<p>This gives credence to the phishing emails that claim a courier couldn&#8217;t make a delivery to you and you need to reschedule delivery.<\/p>\n<p>To give proof \u2013 if any were needed \u2013 that the threat actors don&#8217;t have a shred of compassion or humanity, there was a large wave of <a href=\"https:\/\/www.ncsc.gov.uk\/news\/public-urged-to-flag-covid-19-threats-new-campaign\" target=\"_blank\">phishing emails touting scams based around the COVID-19 pandemic<\/a>.<\/p>\n<ul>\n<li>Fabricated guidance from health organizations such as the <a href=\"https:\/\/www.who.int\/\" target=\"_blank\">World Health Organization<\/a> or local health departments, &#8220;Open the attachment to learn more.&#8221;<\/li>\n<li>Falsified updates from local government and other authorities about lockdown policies and other procedures to address the risk.<\/li>\n<li>Fraudulent websites containing statistics, maps, and dashboards implanted with malware.<\/li>\n<li>Information about protecting yourself, your children, or the elderly contains malicious links or attachments.<\/li>\n<li>Nonexistent charitable appeals asking you to donate to help with the crisis.<\/li>\n<\/ul>\n<h3>Spear Phishing<\/h3>\n<p><a href=\"https:\/\/www.techopedia.com\/definition\/4121\/spear-phishing\">Spear phishing<\/a> is a targeted type of phishing attack. It is delivered to a specific person in the accounts department of an organization. It will appear to come from a senior executive or other high-ranking staff member and will look exactly like a genuine company email with fonts, footers, and corporate livery. It will address the recipient by name and ask for a payment to be made to a customer.<\/p>\n<p>Of course, it&#8217;s urgent. It must happen as soon as possible and by no later than, say, 2:30 pm.<\/p>\n<p>This type of phishing attack might seem relatively sophisticated compared to previous examples, but it is still worryingly simple to pull off. Many websites have a <a href=\"https:\/\/www.techopedia.com\/definition\/4115\/social-engineering\">Meet the Team page<\/a>. With no difficulty at all, you can find out who the board members and company officers are and who is on the accounts team.<\/p>\n<p>The threat actors will send an email to anyone in the company asking any questions. Do they sell this product, are they hiring, where&#8217;s their nearest branch? It really doesn&#8217;t matter as long as they get a reply. The reply email provides the look and feel of the corporate emails, including logos, footers, and disclaimers.<\/p>\n<h3>SMS Text Phishing &#8211; Smishing<\/h3>\n<p>Although the vast majority of phishing is carried out by email, <a href=\"https:\/\/www.techopedia.com\/definition\/24898\/sms-phishing\">SMS text messages<\/a> and other messaging platforms, such as WhatsApp, can also be used as the delivery medium. By forging the originating number, the threat actors can make a message look like it was sent from any number they wish to use.<\/p>\n<p>If the forged number is in your phone&#8217;s contacts, your phone will unwittingly collude with the scammers and label the message as coming from a genuine source. With the short, pithy style of SMS texts, you&#8217;re more forgiving of awkward or poor English. You also don&#8217;t expect to get the whole story in a text or WhatsApp message. It&#8217;s normal practice to click a link to find out more.<\/p>\n<h2><span id=\"dont_take_the_bait_-_how_to_spot_a_phishing_email\">Don&#8217;t Take The Bait &#8211; How to Spot a Phishing Email<\/span><\/h2>\n<p>There are some signs you can look for that give the game away:<\/p>\n<ul>\n<li>Look carefully at the sender&#8217;s email address. If the email address isn&#8217;t the same as the company <a href=\"https:\/\/www.techopedia.com\/definition\/1326\/domain-networking\">domain<\/a>, treat it with suspicion. Does it really say microsoft.com, or does it say rnicrosoft.com? Threat actors register domains that are one letter away from the real thing, so you need to look at each letter, not skim-read the email address.<\/li>\n<li>Hover your mouse pointer over any links in the body of the email and see where they are going to take you. It is easy to make the text of the link say anything. It doesn&#8217;t mean that is where you&#8217;ll go if you click it. Hovering the mouse over the link will produce a <a href=\"https:\/\/www.techopedia.com\/definition\/5482\/tooltip\">tooltip<\/a> with the actual link destination in it. If it looks at all suspicious, don&#8217;t click it.<\/li>\n<li>Threat actors try hard to have perfect grammar and spelling, but they still make mistakes. Perhaps they&#8217;ve got the spelling correct, but the phrases and tone don&#8217;t match what you&#8217;ve come to expect from the real entity. If anything feels wrong, it probably is. The future of AI makes this one likely to become more sophisticated.<\/li>\n<li>Do the logo and other corporate livery look right, or are the images low resolution and amateurish?<\/li>\n<li>Genuine organizations never ask for passwords, account details, and other sensitive information.<\/li>\n<li>Sadly, if it is too good to be true, it isn&#8217;t true. You&#8217;re not suddenly rich.<\/li>\n<\/ul>\n<p>If you&#8217;ve been through all of those steps and still don&#8217;t know if the email is genuine, go onto your browser and log directly into the account they are pretending to be from. Don&#8217;t click the link, go directly to the site in the way you always would.<\/p>\n<p>If you&#8217;ve had a call claiming to be from the bank and it feels strange, ask for their number and ring them back. Been asked to make a sudden payment at work? Contact the person asking for the payment and explain you need to verify the details.<\/p>\n<p>Taking a step backward, giving yourself time to think, and positively verifying everything is genuine before you proceed will keep you safe.<\/p>\n<div class=\"reference-content\">\n<div class=\"reference-heading reference-content-collapsible-heading\">\n<h2><span id=\"references\">References<\/span><\/h2>\n<\/div>\n<div class=\"reference-content-body\">\n<ol>\n<li><a href=\"https:\/\/docs.broadcom.com\/doc\/istr-22-2017-en\" target=\"_blank\">2017 Internet Security Threat Report<\/a> (Symantec)<\/li>\n<li><a href=\"https:\/\/www.ncsc.gov.uk\/news\/public-urged-to-flag-covid-19-threats-new-campaign\" target=\"_blank\">Public urged to flag coronavirus related email scams as online security campaign launches<\/a> (National Cyber Security Centre)<\/li>\n<li><a href=\"https:\/\/www.who.int\/\" target=\"_blank\">World Health Organization Official Site<\/a> (WHO)<\/li>\n<\/ol>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>They&#8217;ve been used against us for over two decades, so phishing attacks are hardly new. They have evolved, however. No longer limited to email, they can also be delivered by social media and SMS text messages. It&#8217;s the ever-evolving delivery of the same old scams in new clothing. Modern-Day Phishing: The Minefield in Your Mailbox [&hellip;]<\/p>\n","protected":false},"author":286520,"featured_media":140672,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_lmt_disableupdate":"","_lmt_disable":"","om_disable_all_campaigns":false,"footnotes":""},"categories":[585,548],"tags":[],"category_partsoff":[],"class_list":["post-140659","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-threats","category-cybersecurity"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v24.2 (Yoast SEO v24.5) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Anatomy of a Phishing Attack: How Hackers Trick You - Techopedia<\/title>\n<meta name=\"description\" content=\"Millions of fraudulent emails are sent every day. Learn how to recognize them, understand their methods, and avoid becoming a victim.\" \/>\n<meta name=\"robots\" content=\"noindex, follow\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Anatomy of a Phishing Attack: How Hackers Trick You\" \/>\n<meta property=\"og:description\" content=\"Millions of fraudulent emails are sent every day. Learn how to recognize them, understand their methods, and avoid becoming a victim.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.techopedia.com\/anatomy-of-a-phishing-attack-how-hackers-trick-you\" \/>\n<meta property=\"og:site_name\" content=\"Techopedia\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/techopedia\/\" \/>\n<meta property=\"article:published_time\" content=\"2023-12-15T11:55:35+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-12-15T16:19:55+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/Anatomy-Of-A-Phishing.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"600\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Marshall Gunnell\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@https:\/\/twitter.com\/makojunkie_\" \/>\n<meta name=\"twitter:site\" content=\"@techopedia\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Marshall Gunnell\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"13 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.techopedia.com\/anatomy-of-a-phishing-attack-how-hackers-trick-you#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.techopedia.com\/anatomy-of-a-phishing-attack-how-hackers-trick-you\"},\"author\":{\"name\":\"Marshall Gunnell\",\"@id\":\"https:\/\/www.techopedia.com\/#\/schema\/person\/1567ab91e6d542d462510643a1874607\"},\"headline\":\"Anatomy of a Phishing Attack: How Hackers Trick You\",\"datePublished\":\"2023-12-15T11:55:35+00:00\",\"dateModified\":\"2023-12-15T16:19:55+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.techopedia.com\/anatomy-of-a-phishing-attack-how-hackers-trick-you\"},\"wordCount\":2887,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.techopedia.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.techopedia.com\/anatomy-of-a-phishing-attack-how-hackers-trick-you#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/Anatomy-Of-A-Phishing.jpg\",\"articleSection\":\"\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.techopedia.com\/anatomy-of-a-phishing-attack-how-hackers-trick-you#respond\"]}],\"copyrightYear\":\"2023\",\"copyrightHolder\":{\"@id\":\"https:\/\/www.techopedia.com\/#organization\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.techopedia.com\/anatomy-of-a-phishing-attack-how-hackers-trick-you\",\"url\":\"https:\/\/www.techopedia.com\/anatomy-of-a-phishing-attack-how-hackers-trick-you\",\"name\":\"Anatomy of a Phishing Attack: How Hackers Trick You - Techopedia\",\"isPartOf\":{\"@id\":\"https:\/\/www.techopedia.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.techopedia.com\/anatomy-of-a-phishing-attack-how-hackers-trick-you#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.techopedia.com\/anatomy-of-a-phishing-attack-how-hackers-trick-you#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/Anatomy-Of-A-Phishing.jpg\",\"datePublished\":\"2023-12-15T11:55:35+00:00\",\"dateModified\":\"2023-12-15T16:19:55+00:00\",\"description\":\"Millions of fraudulent emails are sent every day. Learn how to recognize them, understand their methods, and avoid becoming a victim.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.techopedia.com\/anatomy-of-a-phishing-attack-how-hackers-trick-you#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.techopedia.com\/anatomy-of-a-phishing-attack-how-hackers-trick-you\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.techopedia.com\/anatomy-of-a-phishing-attack-how-hackers-trick-you#primaryimage\",\"url\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/Anatomy-Of-A-Phishing.jpg\",\"contentUrl\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/Anatomy-Of-A-Phishing.jpg\",\"width\":1200,\"height\":600,\"caption\":\"Anatomy Of A Phishing\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.techopedia.com\/anatomy-of-a-phishing-attack-how-hackers-trick-you#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.techopedia.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cybersecurity\",\"item\":\"https:\/\/www.techopedia.com\/topic\/4\/cybersecurity\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Cyber Threats\",\"item\":\"https:\/\/www.techopedia.com\/topic\/220\/cyber-threats\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Anatomy of a Phishing Attack: How Hackers Trick You\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.techopedia.com\/#website\",\"url\":\"https:\/\/www.techopedia.com\/\",\"name\":\"Techopedia\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.techopedia.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.techopedia.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.techopedia.com\/#organization\",\"name\":\"Techopedia\",\"url\":\"https:\/\/www.techopedia.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.techopedia.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/02\/techopedia-light-logo.svg\",\"contentUrl\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/02\/techopedia-light-logo.svg\",\"caption\":\"Techopedia\"},\"image\":{\"@id\":\"https:\/\/www.techopedia.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/techopedia\/\",\"https:\/\/x.com\/techopedia\",\"https:\/\/www.linkedin.com\/company\/techopedia\/\",\"https:\/\/www.youtube.com\/c\/Techopedia\"],\"publishingPrinciples\":\"https:\/\/www.techopedia.com\/about\/editorial-policy\",\"ownershipFundingInfo\":\"https:\/\/www.techopedia.com\/about\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.techopedia.com\/#\/schema\/person\/1567ab91e6d542d462510643a1874607\",\"name\":\"Marshall Gunnell\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.techopedia.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/05\/avatar_user_286520_1683873714-300x300.jpg\",\"contentUrl\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/05\/avatar_user_286520_1683873714-300x300.jpg\",\"caption\":\"Marshall Gunnell\"},\"description\":\"Marshall, a Mississippi native, is a dedicated IT and cybersecurity expert with over a decade of experience. Along with Techopedia, his articles can be found on Business Insider, PCWorld, VGKAMI, How-To Geek, and Zapier. His articles have reached a massive audience of over 100 million people. Marshall previously served as the Chief Marketing Officer (CMO) and technical staff writer at StorageReview, providing comprehensive news coverage and detailed product reviews on storage arrays, hard drives, SSDs, and more. He also developed sales strategies based on regional and global market research to identify and create new project initiatives. Currently, Marshall resides in Tokyo, Japan. When he's not working, he spends his time diligently breaking down complex subjects for the masses, mastering the Japanese language, savoring budget-friendly sake, indulging in onsens, and hiking through Japan's picturesque mountains.\",\"sameAs\":[\"https:\/\/vgkami.com\/\",\"https:\/\/www.linkedin.com\/in\/marshallgunnell\",\"https:\/\/x.com\/https:\/\/twitter.com\/makojunkie_\",\"https:\/\/www.youtube.com\/@vgkami\"],\"knowsAbout\":[\"IT & Cybersecurity Expert\"],\"url\":\"https:\/\/www.techopedia.com\/contributors\/marshallgunnell\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Anatomy of a Phishing Attack: How Hackers Trick You - Techopedia","description":"Millions of fraudulent emails are sent every day. Learn how to recognize them, understand their methods, and avoid becoming a victim.","robots":{"index":"noindex","follow":"follow"},"og_locale":"en_US","og_type":"article","og_title":"Anatomy of a Phishing Attack: How Hackers Trick You","og_description":"Millions of fraudulent emails are sent every day. Learn how to recognize them, understand their methods, and avoid becoming a victim.","og_url":"https:\/\/www.techopedia.com\/anatomy-of-a-phishing-attack-how-hackers-trick-you","og_site_name":"Techopedia","article_publisher":"https:\/\/www.facebook.com\/techopedia\/","article_published_time":"2023-12-15T11:55:35+00:00","article_modified_time":"2023-12-15T16:19:55+00:00","og_image":[{"width":1200,"height":600,"url":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/Anatomy-Of-A-Phishing.jpg","type":"image\/jpeg"}],"author":"Marshall Gunnell","twitter_card":"summary_large_image","twitter_creator":"@https:\/\/twitter.com\/makojunkie_","twitter_site":"@techopedia","twitter_misc":{"Written by":"Marshall Gunnell","Est. reading time":"13 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.techopedia.com\/anatomy-of-a-phishing-attack-how-hackers-trick-you#article","isPartOf":{"@id":"https:\/\/www.techopedia.com\/anatomy-of-a-phishing-attack-how-hackers-trick-you"},"author":{"name":"Marshall Gunnell","@id":"https:\/\/www.techopedia.com\/#\/schema\/person\/1567ab91e6d542d462510643a1874607"},"headline":"Anatomy of a Phishing Attack: How Hackers Trick You","datePublished":"2023-12-15T11:55:35+00:00","dateModified":"2023-12-15T16:19:55+00:00","mainEntityOfPage":{"@id":"https:\/\/www.techopedia.com\/anatomy-of-a-phishing-attack-how-hackers-trick-you"},"wordCount":2887,"commentCount":0,"publisher":{"@id":"https:\/\/www.techopedia.com\/#organization"},"image":{"@id":"https:\/\/www.techopedia.com\/anatomy-of-a-phishing-attack-how-hackers-trick-you#primaryimage"},"thumbnailUrl":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/Anatomy-Of-A-Phishing.jpg","articleSection":"","inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.techopedia.com\/anatomy-of-a-phishing-attack-how-hackers-trick-you#respond"]}],"copyrightYear":"2023","copyrightHolder":{"@id":"https:\/\/www.techopedia.com\/#organization"}},{"@type":"WebPage","@id":"https:\/\/www.techopedia.com\/anatomy-of-a-phishing-attack-how-hackers-trick-you","url":"https:\/\/www.techopedia.com\/anatomy-of-a-phishing-attack-how-hackers-trick-you","name":"Anatomy of a Phishing Attack: How Hackers Trick You - Techopedia","isPartOf":{"@id":"https:\/\/www.techopedia.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.techopedia.com\/anatomy-of-a-phishing-attack-how-hackers-trick-you#primaryimage"},"image":{"@id":"https:\/\/www.techopedia.com\/anatomy-of-a-phishing-attack-how-hackers-trick-you#primaryimage"},"thumbnailUrl":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/Anatomy-Of-A-Phishing.jpg","datePublished":"2023-12-15T11:55:35+00:00","dateModified":"2023-12-15T16:19:55+00:00","description":"Millions of fraudulent emails are sent every day. Learn how to recognize them, understand their methods, and avoid becoming a victim.","breadcrumb":{"@id":"https:\/\/www.techopedia.com\/anatomy-of-a-phishing-attack-how-hackers-trick-you#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.techopedia.com\/anatomy-of-a-phishing-attack-how-hackers-trick-you"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.techopedia.com\/anatomy-of-a-phishing-attack-how-hackers-trick-you#primaryimage","url":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/Anatomy-Of-A-Phishing.jpg","contentUrl":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/12\/Anatomy-Of-A-Phishing.jpg","width":1200,"height":600,"caption":"Anatomy Of A Phishing"},{"@type":"BreadcrumbList","@id":"https:\/\/www.techopedia.com\/anatomy-of-a-phishing-attack-how-hackers-trick-you#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.techopedia.com\/"},{"@type":"ListItem","position":2,"name":"Cybersecurity","item":"https:\/\/www.techopedia.com\/topic\/4\/cybersecurity"},{"@type":"ListItem","position":3,"name":"Cyber Threats","item":"https:\/\/www.techopedia.com\/topic\/220\/cyber-threats"},{"@type":"ListItem","position":4,"name":"Anatomy of a Phishing Attack: How Hackers Trick You"}]},{"@type":"WebSite","@id":"https:\/\/www.techopedia.com\/#website","url":"https:\/\/www.techopedia.com\/","name":"Techopedia","description":"","publisher":{"@id":"https:\/\/www.techopedia.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.techopedia.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.techopedia.com\/#organization","name":"Techopedia","url":"https:\/\/www.techopedia.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.techopedia.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/02\/techopedia-light-logo.svg","contentUrl":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/02\/techopedia-light-logo.svg","caption":"Techopedia"},"image":{"@id":"https:\/\/www.techopedia.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/techopedia\/","https:\/\/x.com\/techopedia","https:\/\/www.linkedin.com\/company\/techopedia\/","https:\/\/www.youtube.com\/c\/Techopedia"],"publishingPrinciples":"https:\/\/www.techopedia.com\/about\/editorial-policy","ownershipFundingInfo":"https:\/\/www.techopedia.com\/about"},{"@type":"Person","@id":"https:\/\/www.techopedia.com\/#\/schema\/person\/1567ab91e6d542d462510643a1874607","name":"Marshall Gunnell","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.techopedia.com\/#\/schema\/person\/image\/","url":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/05\/avatar_user_286520_1683873714-300x300.jpg","contentUrl":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/05\/avatar_user_286520_1683873714-300x300.jpg","caption":"Marshall Gunnell"},"description":"Marshall, a Mississippi native, is a dedicated IT and cybersecurity expert with over a decade of experience. Along with Techopedia, his articles can be found on Business Insider, PCWorld, VGKAMI, How-To Geek, and Zapier. His articles have reached a massive audience of over 100 million people. Marshall previously served as the Chief Marketing Officer (CMO) and technical staff writer at StorageReview, providing comprehensive news coverage and detailed product reviews on storage arrays, hard drives, SSDs, and more. He also developed sales strategies based on regional and global market research to identify and create new project initiatives. Currently, Marshall resides in Tokyo, Japan. When he's not working, he spends his time diligently breaking down complex subjects for the masses, mastering the Japanese language, savoring budget-friendly sake, indulging in onsens, and hiking through Japan's picturesque mountains.","sameAs":["https:\/\/vgkami.com\/","https:\/\/www.linkedin.com\/in\/marshallgunnell","https:\/\/x.com\/https:\/\/twitter.com\/makojunkie_","https:\/\/www.youtube.com\/@vgkami"],"knowsAbout":["IT & Cybersecurity Expert"],"url":"https:\/\/www.techopedia.com\/contributors\/marshallgunnell"}]}},"modified_by":"Michael Simon","_links":{"self":[{"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/posts\/140659","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/users\/286520"}],"replies":[{"embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/comments?post=140659"}],"version-history":[{"count":3,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/posts\/140659\/revisions"}],"predecessor-version":[{"id":319365,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/posts\/140659\/revisions\/319365"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/media\/140672"}],"wp:attachment":[{"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/media?parent=140659"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/categories?post=140659"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/tags?post=140659"},{"taxonomy":"category_partsoff","embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/category_partsoff?post=140659"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}