What Is Phishing? How to Spot It and Stop It

Phishing is a social engineering attack where criminals send fraudulent messages—usually by email—purporting to be a legitimate business, organization, or person. The goal: trick a user into sharing sensitive data like login credentials or deploying malware.

Phishing is a cyberattack where criminals send fraudulent messages to trick a person into revealing sensitive information or downloading malware. It’s primarily conducted via email, though attackers can also use phone calls and text messages. Regardless of the delivery method, a phishing attack is usually disguised as legitimate communication from a known organization or individual.

Phishing is one of the most common, effective, and devastating cyberattacks in play. 44% of cybercrime losses come from business email compromise and phishing. It uses social engineering and link manipulations to trick humans instead of network systems. With increasing sophistication, phishing is a challenge to detect on a company-wide scale. Learn how phishing works, how to spot phishing attacks, and how Abnormal Security can stop it.

What is a Phishing Attack?

A phishing attack is a fraudulent communication that is designed to trick a person into giving up private information (like passwords or credit card numbers), paying money, or downloading malicious software. The end goal of most phishing attacks is the same: get paid, either by stealing banking credentials, committing invoice fraud, or holding data and systems ransom.

Phishing attacks use social engineering to target both individuals and businesses.

  • On an individual level, criminals use phishing to steal personal information.

  • On a business level, criminals use phishing to install ransomware and steal data.

It’s a social engineering attack because it relies on human error and gullibility instead of bypassing security systems. A victim may get a fake email impersonating their bank, for example, that says their account is suspended for fraudulent activity. The email contains a link to the bank’s website and urgently asks the user to log in to prevent account suspension.

The reputable-looking website is actually a phishing site masquerading. Once the user tries to log in, attackers have access to their banking credentials.

This is just one example of phishing. There are a variety of delivery methods and payout strategies.

Types of Phishing Attacks

Phishing is an umbrella term for various types of phishing attacks. While email phishing is the most common, there are several other phishing examples, including:

  • Email Phishing: Emails that trick you into revealing sensitive information or downloading malware.

  • Spear Phishing: A targeted form of email phishing that focuses on a single specific victim rather than a large group.

  • Vishing: Voice phishing, usually done via phone call or voice message.

  • Smishing: Phishing attacks delivered through text messages.

  • Pharming: Maliciously redirecting users from a legitimate website to a fake version, by malware or DNS spoofing.

  • Whaling and CEO Fraud: Phishing attacks that specifically target or impersonate high-ranking executives.

  • Angler Phishing: Phishing attacks targeting social media users, usually by impersonating brand accounts.

  • URL Phishing: Directing users to spoofed websites with fake URLs.

One of the more dangerous phishing attacks is credential phishing. This is a more targeted attack compared to the mass sending involved in other email phishing attempts. Attackers leverage prior knowledge of a target, such as their job title, responsibilities, and even close business contacts. They’ll use this data to dupe the victim into revealing sensitive information.

Common Signs of Phishing

There are several tell tale signs to help you spot a phishing email:

  • Urgency: A cornerstone of phishing is manufactured urgency. Attackers frighten targets with urgent messages about impending account closures, legal trouble, or a time-sensitive invoice.

  • Typos: Phishing attempts often come with bad grammar and misspellings. Authentic communication from a bank, for example, usually doesn't have grammatical errors.

  • Suspicious Links: Phishing emails may include a link with anchor text that appears legitimate. Upon closer inspection (like hovering over the link), it’s a spoofed URL.

  • Unfamiliar Attachments: Phishing attacks include “important” attachments like invoices, which are just viruses.

  • Email Address Domain: The sender’s email address looks similar to a company's domain name or organization. For example, becomes, or

Detecting and Preventing Phishing Threats

Identifying a phishing email is tricky. There’s a reason it’s such an effective attack, so you can’t rely solely on end users to detect and prevent phishing attacks.

You need a strong, modern email security framework so phishing attacks don’t reach inboxes. Traditional products like secure email gateways and Microsoft and Google’s built-in security systems have trouble detecting certain sophisticated phishing attacks. These attacks rely on social engineering and don’t have some of the obvious phishing characteristics.

These are characteristics of an advanced phishing attack that can evade traditional security measures:

  1. Passes a reputation check

  2. Doesn’t contain suspicious links or attachments

  3. Appears to come from a trusted contact

Abnormal Security can detect the phishing threats that outdated security misses.

Abnormal Security vs. Phishing

Abnormal’s email security solution is designed with phishing in mind. Take this email for example:

abnormal detecting a phishing attack

This email passes traditional security checkpoints. At first glance, it comes from an internal IT account and it’s a straightforward message: you need to update your VPN. Harmless, right?

Wrong. First, the displayed email address does not match the actual email address so it doesn’t pass DMARC. This is a sign of a spoofed domain. Second, the urgent request (“now required”) for login credentials sets off alarms. Third, the link appears legitimate but actually redirects to a lookalike site. Due to these factors, Abnormal flags it as a phishing attempt.

Since phishing attacks leverage urgency, any effective solution should account for that. Abnormal’s phishing security solution analyzes tone and language within the email. We can tell when an email is imposing unnecessary urgency or requesting a financial transaction, for example.

On the surface, many phishing emails come from trustworthy sources. But threat actors often send emails where the display name in the email header doesn’t match the actual sender address. Abnormal detects and flags email addresses that don’t pass sender authentication tests.

Phishing attacks usually leverage links or attachments to send a malicious payload. Abnormal inspects all links and attachments for suspicious content. For example, a link requiring login credentials, or a redirected URL that doesn’t match the anchor text.

Finally, Abnormal detects and locks the compromised accounts in your organization.

The more phishing emails Abnormal Security blocks, the smarter it gets. It's how the system can counter evolving phishing threats that also get smarter. Because the truth is that getting hit by a phishing attack is a matter of when and not if. And with attacks getting more sophisticated and prevalent, your protection must also match up.

Ready to evolve your phishing protection and enhance your email security? Get a demo to see how Abnormal Security can help protect you.

Get the Latest Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

Get AI Protection for Your Human Interactions

Protect your organization from socially-engineered email attacks that target human behavior.
Request a Demo
Request a Demo