In this article, we\u2019ll explore the topic of phishing emails in detail. The content includes plenty of the latest real-life examples, the types of scams being executed via phishing emails, and tips to protect your organization (and yourself) from such traps. <\/p>\n\n\n\n
What Is a Phishing Email? <\/h2>\n\n\n\n
When we talk about a phishing email, we\u2019re referring to a hoax email that\u2019s sent out to defraud the recipient or to get them to do something they shouldn\u2019t. Attackers send phishing emails impersonating someone else to cheat the recipient. <\/p>\n\n\n\n
The cybercriminals psychologically manipulate the victims to take actions such as sharing financial or personally identifiable information (PII), login credentials, trade secrets, company\u2019s confidential data, etc., or wire transferring money to the attacker\u2019s bank account.<\/strong> <\/p>\n\n\n\n They can send an email pretending to be: <\/p>\n\n\n\n For example, look at the screenshot below: <\/p>\n\n\n\n This email that I received looks like coming from Apple. But when I checked the email header, the original sender’s email address indicates a fraudulent one. <\/p>\n\n\n\n We\u2019ll show you more phishing email examples later in this article.<\/p>\n\n\n\n Phishing can be executed by many methods such as voice phishing (or vishing), SMS phishing<\/a> (or smishing), HTTPS phishing<\/a>, watering hole phishing, etc. Among them, email phishing, also known as email spoofing, is one of the most common phishing techniques attackers utilize to execute various online scams.<\/p>\n\n\n\n Now that we know the answer to the question \u201cwhat is a phishing email?\u201d let\u2019s explore what types of scams are typically executed using phishing emails. To aid this task, we\u2019ve pulled together a few phishing email examples. <\/p>\n\n\n\n As the name suggests, in this type of phishing attack, the\u00a0perpetrator\u00a0sends phishing emails asking\u00a0for\u00a0donations for various fundraising campaigns. They share heart-melting emotional stories and graphics of individuals suffering from a disease, poverty, starvation, or social circumstances. <\/strong>often, cybercriminals run fundraising campaigns for\u00a0natural calamities like earthquakes, floods, cyclones, etc.\u00a0\u00a0<\/p>\n\n\n\n Needless to say, all of these campaigns are fake, and any money transferred is going into the con artist\u2019s pockets only. <\/p>\n\n\n\n Sometimes, these types of phishing emails contain trojans, viruses, malicious attachments, or links that send you to a spammy website. <\/p>\n\n\n\n Check out another such phishing email that I received: <\/p>\n\n\n\n As you can see, when I hover over my cursor over the “Know More”<\/strong> button,<\/strong> <\/strong>the link it shows looks too dangerous to click on and visit. <\/p>\n\n\n\n The email also contains links for “unsubscribe” and “report abuse,” which are also malicious (as you can see in the screenshot below) <\/p>\n\n\n\n This is the type of scam where the scammers impersonate recruiters of legitimate companies to trick you into sharing your personal information or transfer funds. For recruitment scams, many platforms are used, such as employment websites, phone calls, text messages, etc. But sending phishing emails is the most utilized (58%) recruitment scam tactic. <\/p>\n\n\n\n The scammers send\u00a0phishing emails directly to their targets\u2019\u00a0email addresses\u00a0as a part of a fake recruitment process. <\/p>\n\n\n\n They ask job seekers to share<\/p>\n\n\n\n The attackers sometimes ask the victims to transfer money, too, for various purposes such as buying online training materials or software. <\/p>\n\n\n\n The job seekers fall into the trap because the phishing emails are often well-crafted using the original company’s logo and text format. <\/p>\n\n\n\n For example, check out the email below. The so-called “recruiter” is offering a job in CISCO systems but sending the email from the Gmail account! Also, notice the spelling and grammatical errors in the emails. <\/p>\n\n\n\n In this type of scam, the criminal sends phishing emails impersonating customer support representatives for well-known organizations such as travel industry companies, financial institutions, ecommerce companies, technology companies, or virtual currency exchange companies. <\/p>\n\n\n\n They offer help to the victims for solving issues such as <\/p>\n\n\n\n They ask victims to provide their PII, login credentials, financial information, etc., or ask them to click on the spammy links or download malicious attachments. <\/p>\n\n\n\n Check out the screenshot below that the people connected with McGill University received: <\/p>\n\n\n\n Even though the email looks somewhat legit and comes from the customer support team from McGill University, it\u2019s a phishing email that was created to gain access to the recipients’ personal information. Upon discovering the scam, the university urged the recipients not to reply and share any information in addition to warning them to not click on the Update server<\/strong> link. <\/p>\n\n\n\n Sometimes the attackers send phishing emails impersonating your boss or colleague or any key company stakeholder such as a lawyer, tax officer, or accountant. <\/p>\n\n\n\n These messages are known as business email compromise (BEC)\/email account compromise (EAC) scams. In 2019, the Internet Crime Complaint Center<\/a> (IC3) received nearly 24,000 BEC complaints, and the organizations lost more than $1.7 billion. <\/p>\n\n\n\n For executing these types of scams, the perpetrator generally invests time to find out key employees and stakeholders’ names, designations, and email addresses. <\/p>\n\n\n\n Examples of common BEC, <\/p>\n\n\n\n Spear phishing attacks and whaling attacks<\/a> are some of the most popular methods to execute corporate communication scams. <\/p>\n\n\n\n This is another type of BEC\/EAC attack, where phishing emails are sent impersonating a financial institution such as a bank, credit card company, investment company, brokerage company, pension funds, or mortgage loan company. <\/strong><\/p>\n\n\n\n The emails are crafted in a way that they resemble a company’s authentic emails. They generally use the company’s logo, font styles, and colors to make the emails look official. <\/p>\n\n\n\n These emails will typically ask you to: <\/p>\n\n\n\n Check out the screenshot below. Even though at first glance, it looks like an official Well Fargo email, when you check it carefully, you can see the red flags: <\/p>\n\n\n\n So, what are some of the indications that this is a phishing email? <\/p>\n\n\n\n These types of phishing attacks became popular when in 2014, bulk emails were sent out by a hacker impersonating JPMorgan<\/a> and urging recipients to click on a link to read a secure message. When users clicked on the link, Dyreza banking Trojan malware started to get downloaded in their systems! <\/p>\n\n\n\n While it\u2019s easy to assume that phishing emails are sent strictly for financial gains, there are frequently other reasons for their attacks. Let\u2019s try to get a better understanding of attackers\u2019 intentions: <\/p>\n\n\n\n One example of such an attack involved a Vietnam government-sponsored group named OceanLotus<\/a>. They target foreign diplomats and foreign-owned companies inside Vietnam by sending them spear-phishing emails containing macros. Once the macro is enabled, it executes malicious payloads on the victim’s computer. <\/p>\n\n\n\n You can\u2019t prevent someone from sending you the phishing email. However, by following some below-mentioned tips, you can develop a vigilant attitude and protect yourself from becoming the victim. <\/p>\n\n\n\n We hope when you hear the word “phishing email” in the future, you won’t get a picture of that “Nigerian prince” in your mind. Don’t take phishing emails lightly, always keep alertness, and train your employees to recognize such emails. <\/p>\n","protected":false},"excerpt":{"rendered":" Follow 9 tips mentioned in this article to protect yourself from phishing emails No one falls for the “Nigerian Prince” email trap nowadays! Not even my 85 years old grandma! After all, we are smart…<\/p>\n","protected":false},"author":6,"featured_media":928,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","tve_updated_post":"","tve_custom_css":"","tve_user_custom_css":"","tve_globals":{},"tcb2_ready":0,"tcb_editor_enabled":0,"tve_landing_page":"","_tve_header":"","_tve_footer":""},"categories":[47],"tags":[55,30],"class_list":["post-915","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-email-security","tag-email-security","tag-phishing","post-with-tags"],"yoast_head":"\n![\"\"](\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/04\/image.png\")
<\/figure><\/div>\n\n\n\n5 Phishing Email Examples to Avoid <\/h2>\n\n\n\n
Example 1: Charity Scams <\/h3>\n\n\n\n
![\"Phishing](\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/04\/image-3.png\")
<\/figure><\/div>\n\n\n\n![\"Phishing](\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/04\/image-2.png\")
<\/figure><\/div>\n\n\n\nExample 2: Employment and Recruitment Scams <\/h3>\n\n\n\n
![\"Phishing](\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/04\/phishing-delivery-methods.png\")
![\"\"](\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/04\/image-6.png\")
Example 3: Customer Support Scams <\/h3>\n\n\n\n
![\"\"](\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/04\/image-5.png\")
Example 4: Corporate Communication Scams <\/h3>\n\n\n\n
![\"\"](\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/04\/image-1.png\")
<\/figure><\/div>\n\n\n\nExample 5: Financial Institution Scams <\/h3>\n\n\n\n
![\"Phishing](\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/04\/image-4.png\")
The Motives Behind Phishing Emails <\/h2>\n\n\n\n
9 Tips: How to Stop Phishing Emails & Prevent Yourself from Becoming a Victim <\/h2>\n\n\n\n
Wrapping Up <\/h2>\n\n\n\n