Urgency Language & Vishing Module

Many phishing emails rely on psychological pressure rather than technical trickery. They create a sense of panic or excitement to push you into acting before you have time to think. Forensic Email scans the email body and subject line for language patterns associated with these tactics.

• Urgency Tactics
  The email contains language designed to rush you into acting immediately — phrases such as "immediate action required," "your account has been suspended," or "verify immediately." Legitimate services rarely use such demanding language in automated email.

• Weak Urgency Signals
  The email contains phrases associated with high-pressure sales or social engineering — such as "act now," "limited time offer," or "last chance." These phrases appear frequently in legitimate marketing email as well, so this threat indicator is only raised when more than one such phrase is found together.

• Threats & Intimidation
  The email contains language threatening legal action, prosecution, arrest, account termination, or referral to debt collection — phrases meant to frighten you into acting quickly. Legitimate organizations do not threaten individual recipients in this way.

• Prize / Lottery Scam
  The email claims you have won a prize, lottery, or sweepstakes, or that you have been selected as a winner. Unsolicited prize notifications are a classic social engineering technique used to extract personal information or upfront payments.

• Fear / Security Alert
  The email contains security-alert language — such as "unauthorized access detected," "your account has been compromised," or "unusual sign-in activity" — intended to make you believe your account is under threat. Legitimate security notifications from real services do not typically ask you to take immediate action via a link in the email.

• Obfuscated Phone Number
  The email contains a phone number where digit positions have been replaced with visually similar letters — for    example, "I" or "l" in place of "1," or "O" in place of "0." This technique is used to embed fake support numbers that evade automated phone-number detection.

• Phone Number in Subject Line
  The email subject line contains a phone number. Legitimate transactional services rarely put a support number in the subject line. This is a vishing technique used to prompt victims into calling an attacker-controlled number before they have read the email body critically.

• Vishing Phone Number
  The email contains a phone number alongside language about fraud, unauthorized activity, or suspicious transactions. This combination is used to pressure recipients into calling a fake call center where attackers collect personal information or payment.

• Phone Number in Transaction Details
  A phone number appears alongside language typical of a payment receipt — such as a merchant name, payee name, or transaction amount. Attackers sometimes abuse legitimate payment platforms by injecting fake support numbers into merchant or recipient name fields.

• Fake Customer Support Hotline
  The email presents a phone number alongside a customer support label (such as "help desk," "customer care," or "call center"). Fake hotline numbers route callers to attacker-controlled call centers where personal information or payment is extracted.