Anatomy of a Phishing Email
Why is phishing so dangerous? Because the emails that are used appear to come from a legitimate company and look very official. It is very easy to be fooled into providing credit card numbers, social security numbers and account information in hopes of rectifying some nonexistent catastrophic problem with an account.
The sense of urgency and impending doom created by the email sender is done intentionally with the hope of coaxing the recipient into taking immediate action by providing all requested information or face dire consequences.
An example of a typical phishing email is shown here. You will notice a few things if you look closely at the picture.
First, it looks very official. It has the Royal Bank of Canada logo and it appears to come from a legitimate RBC associate.
Second, it sounds very dire, alerting the user that the account needs to be updated within 48 hours. If not, any loss of secure information as a result of the alleged "security breach" may not be covered. This is meant to do nothing but scare the individual into providing all requested information.
Thirdly, a link is provided to take you to the "log-in page" where you are required to provide user name and password, which will then be available to the individuals responsible for the phishing attack.
As you can see, the designers of such attacks go to great lengths to create a very official and authentic email to invoke a sense of urgency and fear into their victims. Once they convince a user of the emails legitimacy, gathering all the information the user provides is as easy as a walk in the park.