Anatomy of a Phishing Email

  • Phishing is an attempt to gather personal information -usernames, passwords, credit card numbers, etc. -through malicious email links or attachments. More often than not, phishing messages follow a standard framework that can be easy to spot if you know what you’re looking for. Here’s a look at the anatomy of an ACTUAL phishing email...

    From: <<MPCS Employee or contact from address book>>
    Sent: Monday, December 19, 2019 12:35 PM
    Subject: Outlook Web

    Please this is to inform you that we are validating all staff Outlook Web Mailbox immediately. you are to send your USERNAME and PASSWORD to our staff helpdesk email at for immediate Validation. You may not be able to send or receive emails if you fail to do this. This message is from System Administrator.

    Bad grammar & spelling errors
    Notice the language mistakes common when emails come from outside the United States.


    Unfamiliar link
    If you see a strange link/email that doesn’t look familiar, be suspicious! Hover your mouse over a link to see target destination. NEVER CLICK IT, no matter how official it looks. Email or call the sender if you question a request.


    Instilling urgency & fear
    Phishing emails try to create a sense of fear and urgency. Official emails typically provide a deadline or completion date.


    Request for personal information
    Official MCPS emails will NEVER ask you to provide your credentials or personal information.