What is Email Phishing - Pentest Geek

What is Email Phishing

So what is Email Phishing?

Email Phishing is a fraudulent attempt to entice a user into performing an action, and the message usually appears to come from a legitimate business (e.g., your company, your internet service provider, your bank). Performing that action, such as clicking a link in the email or opening an attachment, can lead to the exposure of sensitive information such as usernames and passwords, or to a compromise of the underlying operating system itself.

Adversaries often deliver phishing links through email, prompting the victim to click a link within the email body. The target is taken to a phishing page that pretends to be legitimate and authoritative. At this point the page may ask the user to log in, so that the entered credentials are harvested, or to download a fictitious update which is really a malicious binary.

Email Phishing is a social engineering technique used to deceive users and exploit weaknesses in an organization's current security posture. When paired with email spoofing, a phishing email can present a look and feel that closely resembles the legitimate business or brand the adversary is impersonating. Done properly, this combination can yield very high click-through rates, which is why it presents a risk to organizations everywhere.

Email Phishing is one specific type of phishing. Phishing in general comes in many forms, including but not limited to:

  • Spear Phishing: phishing attempts directed at specific individuals. Targeting a small number of specific individuals can help a phishing operation remain stealthy.
  • Clone Phishing: phishing attacks in which a legitimate vendor is impersonated, typically by taking an email that has already been delivered and replacing its primary link with a malicious link the adversary controls.
  • Whaling: phishing attacks directed specifically at senior executives and other high-profile targets within the business. Content is crafted for executive-level staff and tailored to the organization.
  • SMS Phishing (smishing): phishing performed over mobile text messages as the medium for delivering the content.
  • Voice Phishing (vishing): phishing in which the adversary contacts the target by phone, impersonating someone authoritative in an effort to entice the target to perform some action.

Brandon McCann

Copyright 2024