Security

Anatomy of a Phishing Email: A Detailed Analysis

David Lee

December 10, 2025

9 min read

Learn to identify phishing attempts by understanding the common elements and techniques attackers use.

Introduction

Phishing remains one of the most effective cyberattack methods, responsible for over 90% of data breaches. By understanding how phishing emails are constructed, you can better protect yourself.

Phishing Email Structure

┌─────────────────────────────────────────────────────────────────┐
│  FROM: "Amazon Security" <security@amaz0n-verify.com>          │
│  ────────────────────────────────────────────────────────────  │
│  ⚠️  Fake display name    ⚠️  Lookalike domain (0 not o)       │
├─────────────────────────────────────────────────────────────────┤
│  SUBJECT: ⚡ URGENT: Your account will be suspended!            │
│  ────────────────────────────────────────────────────────────  │
│  ⚠️  Creates fear/urgency  ⚠️  Excessive punctuation            │
├─────────────────────────────────────────────────────────────────┤
│                                                                 │
│  Dear Valued Customer,                                          │
│                                                                 │
│  We detected unusual activity on your account.                  │
│  ⚠️  Generic greeting (not your name)                          │
│                                                                 │
│  Click here to verify your account:                             │
│  ┌─────────────────────────────────────────────────────────┐   │
│  │  Displayed: https://amazon.com/verify                   │   │
│  │  Actual:    https://evil-site.com/steal-password       │   │
│  └─────────────────────────────────────────────────────────┘   │
│  ⚠️  Hidden malicious URL                                      │
│                                                                 │
│  Best regards,                                                  │
│  Amazon Security Team                                           │
│  ⚠️  No real contact information                               │
│                                                                 │
└─────────────────────────────────────────────────────────────────┘

                    ⬇️  WHAT TO DO  ⬇️

┌─────────────────────────────────────────────────────────────────┐
│  ✅  Hover over links to see real URL                          │
│  ✅  Check sender's actual email address                       │
│  ✅  Contact company directly using known number               │
│  ✅  Never enter passwords from email links                    │
└─────────────────────────────────────────────────────────────────┘

The Anatomy of a Phishing Email

Let's dissect a typical phishing email and examine each component.

1. The Sender Field

What attackers do:

From: "Amazon Security Team" <security@amaz0n-verify.com>

Red flags:

•Display name impersonates legitimate company

•Domain uses lookalike characters (0 instead of o)

•Domain doesn't match official company domain

2. The Subject Line

Phishing subjects create urgency or fear:

•"URGENT: Your account has been compromised"

•"Action Required: Verify your identity within 24 hours"

•"You have (1) pending message"

3. The Malicious Link

Visible text:

Click here to verify: www.amazon.com/verify

Actual URL (hover to see):

https://amaz0n-security.evil-site.com/phish

Advanced Phishing Techniques

Technique	Description
Spear Phishing	Targeted attacks using personal info
Business Email Compromise	Impersonating executives
Clone Phishing	Copying legitimate emails

How to Verify

1Check the sender's full email address

2Hover over links without clicking

3Call the company using a known number

4Trust your instincts

Conclusion

Understanding phishing techniques is your best defense. When in doubt, verify independently and never click suspicious links.