
Beware of Sophisticated Email Phishing

When you think you’ve seen it all — the scammers take it up a notch.

Over the years, I’ve watched how those with nefarious motives have evolved to try and trick email recipients for various reasons. Some want to infect your computer, others want your data, and some want to sell you something.

Phishing has become something most of us are aware of. Unfortunately, it is not uncommon for a company or business to let you know when they find out about phishing emails that use their brand to trick others.

But boy, are these guys getting sophisticated. This requires you to up your game and become even more vigilant, including taking a few extra moments to double-check a few things before clicking on anything.

Here are five tips to avoid email phishing scams:

  • Verify the Sender – Check the email address carefully, not just the display name. Scammers often use addresses similar to legitimate ones but with slight misspellings or extra characters.
  • Look for Red Flags – Be cautious of urgent language, threats, or offers that seem too good to be true. Phishing emails often pressure you into taking immediate action, like clicking a link or providing sensitive information.
  • Hover Over Links Before Clicking – Before clicking on any link, hover your mouse over it to see the actual URL. If it looks suspicious or doesn’t match the supposed sender’s website, don’t click.
  • Don’t Open Attachments from Unknown Sources – Malware can be hidden in attachments like PDFs, Word documents, or ZIP files. If you weren’t expecting an attachment, confirm with the sender before opening it.
  • Use Multi-Factor Authentication (MFA) – Even if scammers obtain your login details, MFA adds an extra layer of security, requiring a second step (like a code sent to your phone) to access your accounts.

Additional steps to enhance your email security:

Enable Two-Factor Authentication (2FA)

Most email providers allow you to enable 2FA, which requires a second verification form (such as a text message code or authentication app) when logging in. This prevents unauthorized access even if someone gets your password.

How to enable:

  • Gmail: Go to Google Account Security → 2-Step Verification
  • Outlook: Go to Security settings → Two-step verification
  • Yahoo: Go to Account Security → Enable 2FA

Use a Strong, Unique Password

A strong password should be at least 12-16 characters long and include a mix of uppercase, lowercase, numbers, and symbols. Avoid using easily guessed words like your name or “password123.” Use a password manager to generate and store secure passwords.

Set Up Email Filtering & Security Features

Most email providers have built-in spam and phishing filters. Ensure they are enabled.

  • Gmail: Settings → Filters and Blocked Addresses
  • Outlook: Settings → Junk Email
  • Yahoo: Settings → Security and Privacy

To add extra protection, you can also use security services like Microsoft Defender, Google Advanced Protection, or third-party anti-phishing tools.

Regularly Review Account Activity

Check for any suspicious logins. If you see any unrecognized logins, change your password immediately.

Train Yourself

Phishing tactics evolve, so staying updated is key. Use free phishing awareness training resources.

Paying Attention to Email Details

People get caught in these phishing nets because they are not paying attention to details: details that can indicate the email is not from who it appears to be, or is not about what the sender wants you to think it is.

When I talk about sophistication, I mean that these folks are very clever and know what they must do to fool you. For example, they can make emails look exactly like they are from your bank or a company you do business with: logos, vocabulary, colors, and all.

So, if the email looks almost identical to those you receive from legitimate sources, how do you identify the fakes?

Underlying Email Address

You can put any address in the From field of your email program. You have total control of what is displayed to the person you are sending to.

What is displayed is not always the underlying email address. Mouse over, or otherwise view, the underlying address in the From field to confirm that it is the perceived sender's own domain (their .com).

If that address doesn't match the email's content, delete the email.

Links that Go Elsewhere

These emails include links and calls to action directing you to a website to log in, get details, or even sign up. The link text displayed in the email hides the underlying URL. The same applies to graphical "buttons" or images.

Always mouse over the linked text or button so that your email program displays the underlying URL, and make sure a legitimate URL is underneath before clicking. These guys are also good at using URLs that look similar at a glance but are not the actual URL of the entity they are spoofing.

Let’s use Amazon as an example:

  • https://amazon.com — Good
  • https://www.amazon.com/ — Good
  • https://www.amazon.com/something-after — Good
  • https://something-before.amazon.com/ — Good
  • https://amazon.hoaxdomain.com — BAD
  • https://www.hoaxdomain.com/amazon — BAD

Even with the above tips, don't trust any links in emails you didn't ask for. A good rule of thumb: if you do not see the company name directly in front of the .com, you can bet something "phishy" is going on, so do NOT click the link. Also be cautious of other domain extensions.

Nowadays, there are tons of TLDs (top-level domains) available, for hobbies, countries, and more. With all of that, rarely does a company use a different TLD in its email links when its primary domain is .com. That is one clue of many to take notice of.
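The two checks above (the real address behind the From field, and the domain directly in front of the .com in each link) can be written down as a small checker. This is an added example and not code from the original post; it assumes a two-label brand domain such as amazon.com (multi-label suffixes like co.uk would need the Public Suffix List), and the sample header and links are constructed.

```python
from email.utils import parseaddr
from urllib.parse import urlparse


def registrable_domain(host: str) -> str:
    """Return the last two labels of a hostname: 'www.amazon.com' -> 'amazon.com'.
    Assumption: two-label domains like amazon.com. A suffix such as co.uk would
    need the Public Suffix List; this simple version would return 'co.uk'."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def link_matches_brand(url: str, brand_domain: str) -> bool:
    """True only when the link's registrable domain is exactly the brand's domain.
    Rejects amazon.hoaxdomain.com (brand as a subdomain), hoaxdomain.com/amazon
    (brand in the path) and amazon.net (same name, different TLD)."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        return False
    return registrable_domain(parsed.hostname) == brand_domain.lower()


def sender_matches_brand(from_header: str, brand_domain: str) -> bool:
    """Check the address behind a From header; the display name is ignored entirely."""
    _display_name, address = parseaddr(from_header)
    if "@" not in address:
        return False
    return registrable_domain(address.rsplit("@", 1)[1]) == brand_domain.lower()


def triage(from_header: str, links: list[str], brand_domain: str) -> dict[str, bool]:
    """Verdict per item: True = consistent with the brand, False = treat as phishing."""
    verdicts = {"from": sender_matches_brand(from_header, brand_domain)}
    for url in links:
        verdicts[url] = link_matches_brand(url, brand_domain)
    return verdicts


if __name__ == "__main__":
    # Constructed sample: the display name says Amazon, the address and links do not.
    sample_from = '"Amazon.com" <order-update@amazon.hoaxdomain.com>'
    sample_links = [
        "https://www.amazon.com/something-after",
        "https://amazon.hoaxdomain.com",
        "https://www.hoaxdomain.com/amazon",
        "https://amazon.net/",
    ]
    for item, ok in triage(sample_from, sample_links, "amazon.com").items():
        print(f"{'OK ' if ok else 'BAD'} {item}")
```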

Trademark Infringers

Don’t fall for domains similar to the company name you are familiar with but that are not the domain you trust—for example, amazonshipsfast.com or orderatamazon.com.

Both of these would be trademark infringement. Anyone using them can expect to hear from Amazon’s legal team once it is made aware. Using trademarked names in domain names can get you in big trouble with the trademark holder, but when have laws ever stopped those trying to pull a fast one?

Targeting Online Sellers

A typical phishing scheme that’s becoming more common targets those who sell online. The schemers send an email saying they are trying to order from your site but are getting errors, and ask you to click a link to see the screenshot. The link takes you to a nefarious site.

You may also get an email stating someone would like to do business with you with a link to a document listing the requirements they are looking for. Here again, be very cautious.

If you don’t know the sender — don’t click. If they want to send you info, ask them to copy and paste their requirements in an email. No links.

Be Cautious of Strangers

The best advice is not to trust emails from folks you don’t know that just happen to land in your inbox. If the email address is unrecognizable or uses a throwaway account like Gmail, Hotmail, or Yahoo, delete it. Legitimate businesses do not use these services; they use their own .com domain.

Crooks and scammers are counting on you not knowing what I mentioned above. So, remember: if something doesn’t seem right or legit, it most likely isn’t.
