Oliver Page
Case study
July 9, 2024
From the classic Nigerian prince scams to the slick "urgent email from your boss" cons, online frauds come in all shapes and sizes, always lurking around the corner. Time to sharpen your scam-detecting skills! We've rounded up 7 phishing examples so convincing they could fool even the savviest netizen. Read on to dodge the bullet and stay scam-free.
Phishing is a scam almost as old as the internet, with the first attack dating back to the 90s. Considering that, you would think we should all be bulletproof to it by now, but that's not the case. Although this simple scam hasn't changed much, it's still highly effective. In fact, according to a 2022 report by Verizon, 36% of all data breaches involved phishing.
But what is a phishing attack, exactly? Phishers operate by using fraudulent communication, meaning they send emails and messages that look like they are coming from reputable sources to obtain sensitive information such as bank, login, or credit card details. And they can be very creative and clever about it.
Every day, phishers send thousands and thousands of emails. Most of them get blocked by Gmail's filters, but some manage to bypass them and land in your inbox. Then it's all about how good of a detective you are. If the story is a typical Nigerian prince case or a sudden lottery win, it's pretty easy to tell it's a scam. Especially if you don't play the lottery. So, without further ado, here are some phishing examples that fooled everyone.
This subject line is never good to see, be it real or a scam. However, in this situation, it's crucial not to panic because that's exactly what phishers count on. When in panic mode, thinking their personal information is compromised, people are more likely to instantly click on links, "verify" their identity, and do whatever is asked.
Instead, carefully inspect the email, especially the sender's address, before you do anything. Phishing emails often contain spelling mistakes and poor graphics, and the email address differs slightly from the legitimate one, sometimes only in one character. Those are the first signs that you should not click on any links or send your data. The same goes for password verification/change emails.
Receiving delivery notifications about something you haven't ordered and being asked to confirm your identity or give personal information is another typical email and message scam (smishing). It's no surprise that it's especially popular around the holiday season when everyone's ordering a lot, because it's easier to click and fall for it when you're really expecting a parcel.
DHL is one of the most frequently impersonated brands globally, right after Yahoo, which is why these scams are so frequent. Again, a closer look at the email address and paying attention to grammar and wording could save the day!
It's always a good feeling when the boss or manager entrusts you with a special or important task. But it's a red flag when they 'confidentially' ask you for a money transfer, send a fake invoice, or a form to fill out with your bank details.
Usually, people working in HR or finance are the targets, as they are responsible for financial transfers. However, everyone should be aware of this. CEO phishing relies on trust because employees often comply with requests from top executives without questioning them too much.
In 2015, Ubiquiti Networks fell victim to a massive phishing scam where attackers impersonated the CEO and tricked employees into transferring $46 million to fraudulent accounts. This real-world example highlights just how dangerous CEO fraud can be, even for large tech companies.
Nigerian prince, also known as 419 fraud, became a synonym for a specific type of scam in which victims receive an email promising significant financial gain in return for some help. There's always an elaborate backstory to it, and phishers rely on people's kindness or greed as the main catalysts.
Although getting an email from the prince of Nigeria personally is something many won't fall for, things change when the subject asking for help represents one of your friends or family members. Thanks to an abundance of information online, these scams have become more personalized and sophisticated.
From Facebook to LinkedIn, phishers have every social media platform covered and operate by sending messages containing malicious links or files from fake accounts. For example, .SVG extensions often aren't flagged by Facebook's filters, so once the victim clicks to open the file, it can redirect them to install certain 'extensions' necessary to view the file, which is actually malicious software.
Another case of phishing on social media is impersonation. Phishers can pretend to be your friends in trouble and ask for financial aid, or pose as brand representatives 'gifting' you vouchers or freebies. Some other common examples are:
A growing trend in phishing is the use of Google Drive to bypass spam filters. Attackers share malicious links or files, tricking victims into downloading malware or submitting sensitive information on fake pages. This method has been seen to target not only individuals but also businesses and educational institutions.
Opening attachments from unverified email sources is always risky, especially if the file has a .doc, .js, .zip, or .exe extension. While .HTML files are less commonly associated with these threats, they are particularly dangerous because antivirus programs often fail to flag them. These attachments are frequently used in the financial and banking sectors, making them prime targets for phishing attacks.
An emerging technique in 2024 is the use of the InterPlanetary File System (IPFS), where phishers host malicious HTML files on this decentralized network. This approach makes phishing attacks much harder to detect and block, posing a growing threat.
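The two manual checks described in this article, a sender address that differs from the legitimate one by a single character and an attachment with one of the risky extensions listed above, can be automated for mail triage. The following is an added example, not code from the original article; the trusted-domain list, the sample message and all function names are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr

# Assumption: domains you really receive mail from (constructed placeholders).
TRUSTED_DOMAINS = ("example-parcel.com", "example-bank.com")
RISKY_EXTENSIONS = (".doc", ".js", ".zip", ".exe", ".html")  # named in the article

# Constructed sample message, not a real capture.
SAMPLE = (
    "From: Parcel Service <tracking@examp1e-parcel.com>\n"
    "Subject: Your parcel is waiting\n"
    'Content-Type: multipart/mixed; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n\nConfirm your identity.\n"
    "--b1\nContent-Type: text/html\n"
    'Content-Disposition: attachment; filename="Invoice.HTML"\n\n'
    "<html></html>\n--b1--\n"
)

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain, max_distance=2):
    """Return the trusted domain this one imitates; None if exact or unrelated."""
    if domain in TRUSTED_DOMAINS:
        return None
    for trusted in TRUSTED_DOMAINS:
        if edit_distance(domain, trusted) <= max_distance:
            return trusted
    return None

def triage(raw_message):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    imitated = lookalike_of(domain)
    if imitated:
        findings.append(f"sender domain {domain} resembles {imitated}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            findings.append(f"risky attachment {name}")
    return findings
```

Calling `triage(SAMPLE)` reports both the near-miss sender domain and the HTML attachment; a message from an exact trusted domain with no attachments returns an empty list.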
Although many people nowadays have pop-up blockers installed, they can still appear out of nowhere, trying to urge you to click and infect your PC with malware. When a sudden pop-up shows up on the screen reporting a problem or requesting an update or a renewal, it's usually an attempt at phishing because those things aren't supposed to be sorted out through a pop-up on a random webpage but on the official website.
Browsing the internet without a pop-up blocker on your mobile device is especially tricky because it's easier to accidentally click on a sudden pop-up and open a link to download malware.
Phishers constantly devise new tricks, ready to bypass every filter, protection layer, and antivirus. The only way to avoid becoming a victim is to stay aware of the risks, scrutinize emails from unknown sources, avoid clicking on suspicious links, and be cautious with attachments. Also, regularly update your software and use robust security measures.
What is a real-life example of phishing?
A real-life example is the 2015 Ubiquiti Networks scam, where attackers impersonated the CEO, tricking employees into transferring $46 million to fraudulent accounts. It demonstrates how even large organizations can fall victim to phishing.
What does a phishing email look like?
A phishing email mimics a trusted source but may contain small errors like misspellings, poor grammar, or urgent language. It often includes a suspicious link or attachment designed to steal your personal information or install malware.
How do you identify a phishing email?
Check for inconsistencies in the sender's email address, spelling errors, and unusual requests for personal information. Be cautious with unexpected messages that create urgency, and verify the source through other channels.
How are people targeted by phishing?
Phishers often impersonate trusted contacts, like a boss or company, to send urgent requests for personal data. They tailor attacks to the victim, making emails appear relevant and legitimate to trick users into taking action.
What is the most common phishing attack?
The most common phishing attack is email phishing, where attackers send fraudulent emails disguised as legitimate messages to steal sensitive information or install malware.
What happens if you click on a phishing email link or attachment?
Clicking a phishing link can lead to malware installation or redirect you to a fake website that steals your personal data. This can result in identity theft or financial loss.
What is a common indicator of a phishing attack?
A common indicator is an unsolicited, urgent email requesting sensitive information. Look for suspicious sender addresses, poor grammar, and links prompting immediate action.
How successful is phishing?
Phishing is highly successful, accounting for over 36% of data breaches. Its success lies in exploiting human trust and bypassing security filters.