When most people think of cyber-attacks and data breaches, they think of a hooded hacker hammering away at the keyboard in a dark corner somewhere using complex commands to get past firewalls and steal passwords.

The reality is that imposter emails, or phishing emails, are the most common entry point for hackers. And unfortunately, the perpetrators of this simple scam don’t have to know a lick of code to pull it off.

Given the success rate of phishing attacks, phishing emails will continue to be a growing problem for business and consumers alike. Here are just a few examples of phishing emails in use over the past year:

The Urgent Request

Phishing emails play to our innate psychology. By impersonating a person or organization with a high level of authority—and urging immediate action—these emails are dangerously persuasive. Whether these emails threaten loss, punishment or added risk, researchers tell us that urging immediate action changes our focus to the singular task and, in the process, lowers our guard.

1. “Restart Your Membership” Fake Netflix Restart Membership Sorry to Say Goodbye Phishing Scam 2017 - Source:http://coolmomtech.com/2017/03/fake-netflix-phishing-email-scam/

According to the Anti-Phishing Working Group (APWG), 2016 was the worst year for phishing in history with reported phishing attacks increasing 65% over those of 2015. In addition, according to Wombat Security’s 2016 State of the Phish report, spear-phishing attacks (attacks which contain personalized information about your or the supposed sender), increased 22% from 2015.

2. “Update Your Official Record” Dept. of Labor Phishing Example Urgent Request to Update Your Official Record Source: https://security.berkeley.edu/news/phishing-example-us-dept-labor-record-update  

3. “Click to Learn More”  Fake Subpoena US District Court Example (Phishing): http://www.nytimes.com/2008/04/16/technology/16whale.html

 4. “You Missed a Delivery” UPS Package Reciept Delivery Follow-up Phishing Email 2017 DON'T CLICK Tracking Number Source: https://breakpoint-labs.com/blog/phishing/

Click on your tracking number and your device is immediately infected with malware.

5. “Confirm Your Account” 2017 Wells Fargo Bank Unusual Number Invalid Logins Confirm Account Phishing Email -  Source: http://www.calstatela.edu/its/itsecurity/phish/index.php

6. “Your Account Has Been Locked” Bank of America Your Account Has Been Locked Phishing Example 5.png

These “Account Issues” emails take the user to dummy login pages, where the hacker conveniently — and easily — grabs login credentials, and therefore back account, credit card numbers, and more.

7. “Suspended Account”

PayPal Fake Email 2017 We Need Your Help Suspended Account - Source: https://security.berkeley.edu/news/phishing-example-paypal-we-need-your-help

Unexpected Refunds & Payments

It’s against our every instinct to ignore free money, and hackers exploit this with refund offers.

8. “Tax Refund” IRS Identity Verification Service Phishing Refund Email Scam Example - Source: https://www.aol.com/article/2016/02/07/how-to-avoid-irs-scams-during-tax-season/21309094/

9. “Refund Due to System Error” Amazon Refund Notification Scam Phishing Email Example - Source:https://www.komando.com/happening-now/367273/top-story-amazon-phishing-email-could-lead-to-ransomware-attack

 10. “Click to See Your Revised Salary” Employer Fraud Phishing Example 2016 Salary Notice Human Resources Benefits - Source: https://www.slu.edu/its/phishing-email-targets-slu

Spear-Phishing: Phishing Based on Research

Spear-Phishing emails may not have the stolen logos and email templates of phishing emails, but what they do have can be even more dangerous: inside information. Spear-phishers study their victims in advance, learning names, organizational structure, and even workplace culture to try to keep the victim from raising red flags.

11. Sent “From” Recipient’s Bank Spear-Phishing Example From Accounting 2016 Lehigh University- Source:http://lts.lehigh.edu/phishing/examples

12. Sent “From” Recipient’s CFO Subject: Urgent Wire Transfer request Spear Phishing Example from CFO - Source:https://www.linkedin.com/pulse/email-scam-tactics-explained-what-phishing-spear-whaling-mcdonald

13. Sent “From” Recipient’s CEO Requesting All Employee W-2's Spear Phish Email CEO Fraud Example  - Source: http://www.icemiller.com/ice-on-fire-insights/publications/phishing-scam-alert-growing-list-of-companies-fall/

14. Sent “From” Recipient’s CEO CEO Headshot Email Spoof; Fake W-2 .PDF Request; Phishing Example 2017 -  Source:https://krebsonsecurity.com/2016/02/phishers-spoof-ceo-request-w2-forms/

15. Sent “From” Recipient’s CEO "Hi I need you to process a wire transfer to a new vendor. please let me know when you can get it done." Augusta, GA Spear-Phishing Email CEO Fraud 2017; Source: Corsica Technologies

Two More Examples:

Whaling emails, or spear-phishing emails targeting high-level executives, masquerade as a critical business email from a legitimate person of authority. These emails play on our respect for these individuals and take advantage of the lack of formality that sometimes accompanies their requests.

16. Sent to VP “From” Their  CEO "Hi Please find enclosed vendor banking instructions for payment that was supposed to go out last week. I need you to process it immediately. I am a bit busy now but will give you a call within the hour." CEO Request Phishing Example - Source:http://www.mailguard.com.au/blog/whaling-ceo-fraud-business-email-compromise-targeted-spear-phishing-attacks-continue-to-trouble-businesses

17. Sent to Controller “From” Their CEO (Also CCing Their Accountant) CEO and Accountant Spear Phishing Email Fraud Example; "Please send our W2 Documents for all employees to...I have CC'd him here. Please send immediately." - Source:http://frankonfraud.com/fraud-scams/ceo-fraud-2-0-its-like-fraud-on-steroids/

All It Takes is One Click

In summary, be wary of free money and urgent requests. Cross-check unexpected emails from people in authority over the phone or in person before sharing or downloading information.

Many phishing emails only need one click to give the hacker access to your otherwise secure systems. If you’ve recently clicked on a sensitive email or want to protect your company and employees from phishing, contact Corsica Technologies today to speak with an email security professional.

Comments are closed.