Email Safety: New Phishing Techniques Criminals are Using

Phishing Emails Are Getting Craftier: How to Stay One Step Ahead of the Bad Guys!


We all know the classic emails that scream for your attention: “Urgent action required!”, “Payment overdue!”, or “Your account will be locked!” For years, these bold, scary subject lines were the scammers’ weapon of choice. But as more people learned to spot these red flags, the crooks decided to change tactics. Today, many phishing emails come with seemingly harmless subject lines—words like “request,” “forward,” or “report”—that could easily be mistaken as routine messages in your busy inbox.

Why the Change?

Cybercriminals are smart. They’ve noticed that obvious alarm bells no longer work. Instead of using sensational words that alert you to danger, they now use ordinary language that blends in with your everyday emails. By doing this, they increase the chance that you’ll let your guard down, read the email carefully, and click on a link or download an attachment without a second thought.

Kendall McKay from Cisco’s Talos division explains that this subtle approach is not because phishing is an outdated scheme. It’s simply more effective now—after all, familiarity can be comforting, even in the digital world.

Understanding the Tactics

At its core, phishing is about tricking you into making a mistake. Whether it’s clicking on a malicious link, sharing your personal details, or opening an infected attachment, nothing works unless the victim is deceived. The new approach is particularly insidious because it uses language that you might see in legitimate business communications every day. The use of everyday words means you could be faced with a phishing email that looks just like a normal work message or a routine personal email.

Practical Tips to Stay Protected

To keep your digital life secure in the face of these evolving tactics, consider these essential tips:

  1. Examine the Sender’s Address: Even if an email’s subject line seems routine, the sender’s email address can give away its authenticity. Look closely at the domain name—does it match the company or contact you expect? Scammers often create addresses that mimic legitimate ones but with subtle errors.

  2. Be Cautious with Links and Attachments: If an email asks you to click a link or download an attachment—even if the language seems normal—hover over the link first to see where it leads. If the URL doesn’t look familiar or seems off, it’s best not to click it.

  3. Double-Check Unsolicited Requests: A common trick is to ask you to verify or update sensitive information. If you receive a request out of the blue, especially one that involves personal or financial details, contact the source directly using official channels rather than replying to the email.

  4. Look for Inconsistencies in Tone and Grammar: While many phishing emails have become more polished, small mistakes—odd phrasing or unexpected changes in style—can still be a giveaway. Trust your gut; if something feels off, verify it before taking any action.

  5. Enable Additional Security Measures: Use multi-factor authentication (MFA) where possible. MFA adds an extra verification step, making it much harder for a scammer to access your accounts even if some information is compromised. If you think this is complex to do, or adds "more work", you are very mistaken on both counts. MFA is simple to implement and even easier to use. Just ask anyone who knows how to turn it on, and try it out. You may be surprised at how much easier it will make your life.

  6. Keep Software Updated: Regularly updating your operating system, browser, and antivirus software helps protect you against known security vulnerabilities that phishing emails might exploit. Turn on Auto-Updates in your operating system and in any application that has the feature.

  7. Trust Your Instincts: If an email feels even slightly suspicious, take a moment to double-check. It’s far better to take a minute and verify a message than to regret a missed sign of a scam later. And if something sounds too good to be true, IT LIKELY IS!
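
The checks in tips 1 and 2 can also be run by a mail filter. The Python below is an added example, not part of the original article: it flags a sender domain that sits within a small edit distance of a trusted one, and links whose visible text names a different host than the one they open. The trusted list, the distance threshold of 2, and the `bank.example`, `bamk.example` and `files.example.net` names are assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"bank.example"}  # assumption: domains you really correspond with
SAMPLE_FROM = "Accounts <reports@bamk.example>"  # constructed lookalike sender
SAMPLE_HTML = '<a href="http://files.example.net/r">www.bank.example/report</a>'  # constructed

def edit_distance(a, b):  # Levenshtein distance, one row at a time
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[len(b)]

def sender_finding(from_header, trusted=TRUSTED):
    """Flag a sender domain that is close to, but not, a trusted domain."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    known = any(domain == t or domain.endswith("." + t) for t in trusted)
    near = [t for t in sorted(trusted) if edit_distance(domain, t) <= 2]
    return f"sender domain {domain} imitates {near[0]}" if near and not known else None

class LinkCollector(HTMLParser):  # collects (visible text, href) for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip().lower(), self._href))
            self._href = None

def link_findings(html):
    """Flag links whose visible text names one host while the href opens another."""
    collector, findings = LinkCollector(), []
    collector.feed(html)
    for text, href in collector.links:
        shown = re.search(r"[a-z0-9-]+(?:\.[a-z0-9-]+)+", text)
        host = (urlparse(href).hostname or "").lower().removeprefix("www.")
        name = shown[0].removeprefix("www.") if shown else host
        if host and host != name and not host.endswith("." + name):
            findings.append(f"link shows {name} but opens {host}")
    return findings
```

Both checks are heuristics: a link with no hostname in its visible text is not flagged, so the hover check in tip 2 still applies to those.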

Final Thoughts

Phishing scams may seem like an old trick, but their methods are constantly adapting. By understanding these evolving tactics and staying vigilant, you can protect yourself from becoming an easy target.

Remember, in the digital world, caution isn’t paranoia—it’s your best defense.

Stay smart, question unexpected emails, and share these tips with friends and family. Every bit of awareness helps keep our online community safer.