Email providers are always implementing new measures to fight spam emails and prevent phishing messages from entering a user's mailbox. However, at times, some phishing emails make it through to your mailbox. The following are some ways to identify a phishing scam:

• If the email is from a bank, an organization, or even a social networking site and has a generic greeting message.
• Phishing emails may contain malicious attachments.
• Phishing emails sometimes contain grammatical errors and misspelled words.
• The sender's email address does not look legitimate.
• It contains links to spoofed websites or malicious domains.

The following is an email I received some years ago. The sender's name and email are legitimate since it's someone I knew. However, the message seems to be different from all the other previous emails I've received from them:

The last line contains a hyperlink that says take a look here. A person who does not know about internet safety may click on the link and be directed to a malicious site and a payload may be downloaded and executed, causing the computer to be compromised.

Let's take a closer look at the source details of the email:

The source of the message shows us all the HTML code of the message. By looking carefully, we will see that the attacker created a hyperlink using a shorter URL to mask the real URL.

In this section, we talked about how a phishing email can be identified and how an attacker uses URL obfuscation when phishing to prevent the target from seeing the true web URL. In the next section, we will cover the essentials of doxing.