11 Types of Phishing Emails to Watch Out For
Cybercrime is a prolific field, and phishing is surely one of its most widespread and most developed manifestations. A variety of factors make us all vulnerable to phishing – from a lack of awareness of online security risks to simple human gullibility. The financial losses that result from phishing can be devastating, both for an individual and for an organization.
Many experts consider phishing a variation of social engineering, and that provides an excellent framework for understanding what makes hackers so successful in this field. Millions of people across the globe receive all sorts of fraudulent emails that aim to obtain their sensitive personal data by offering attractive links, images, or documents. A single click is enough to get your ID number, PIN, password, bank number, or credit card number exposed. Hackers don’t hesitate to use very refined tricks to get you to provide sensitive data willingly. Sometimes you are offered a download that actually contains malware; other times you are asked to fill in a form. These seemingly simple actions could expose you to major risks.
In this article, we’ll have a closer look at some of the most common types of phishing emails to help you stay safe. Read on to learn more about the tactics hackers use to fool you into exposing your sensitive data:
What phishing hackers most often do is send emails that look like they are coming from well-known brands such as IKEA, DHL, Amazon, and similar. These emails often seem perfectly legitimate and very often contain a notice of impending consequences if you do not do what the email asks (click on a link, fill in a form, go to some website, etc.).
Although email filters are becoming more and more efficient at identifying and blocking suspicious emails, it is still important to know how to recognize potential threats and how to react, as phishers are also masterminding new tricks to sidestep our protection measures. It is also very important to know the basics of the GDPR (General Data Protection Regulation), as well as how your personal information should be handled online – this can help you know when it is not OK to share it.
Few people have never found this kind of email in their inbox – a friend in need kindly asks you to help them financially as soon as you can because of some strange course of events. The friend is typically writing to you from a foreign country and has a number of seemingly logical reasons why they can’t ask you for the favor by phone, video call, or some other medium.
What really happens in cases like this is that your friend’s email list has been hijacked, and you are probably not the only one of their friends who got this kind of email. One variation of this kind of phishing email comes from an unknown email address, from a person claiming to be your friend. In this case, don’t doubt your memory: the friend that you don’t remember has most likely never been your friend.
What should you do in case you get an email of this kind? First of all, don’t click any links, or take any other actions, and especially don’t send any money before you call the friend or check if you even know the person.
The mere mention of government in any context makes the whole context immediately seem more serious and trustworthy. An ordinary citizen most often won’t bother to question an instruction that comes from the government, even if it doesn’t make sense, simply because we feel we don’t have any real power over the government’s decisions. That’s exactly what phishers often exploit in phishing emails.
These kinds of emails look like they come from a legitimate federal or other state body and typically aim to scare you into providing your sensitive data willingly. The typical text goes something like this – “Your health insurance is soon to expire, kindly provide your information by clicking on this link”. They may also sound more threatening, like “Your recent file download is illegal, we are forced to revoke your Internet until you provide the requested info…”
What should you do if you get an email like this? Delete it and mark it as spam. If you are worried you may really have breached some law recently, check with the real authorities; don’t click or provide any info via email.
We all have fantasies about winning the lottery, but most of us don’t really hold out much hope, or don’t even play any kind of lottery, so the contest winner type of phishing email is one of the easiest to recognize. Still, even this kind of email can seem pretty convincing – “Congratulations! You’re the xx visitor of the xx website – click here to claim your reward,” where the website may be that of a famous brand to make the email seem more real.
Some variations of this tactic include an email notification about receiving an inheritance from some relative of yours you have never heard of. Sometimes they also try tricks such as claiming that a famous wealthy xx family has been left without anyone to inherit their wealth and, thanks to some good deeds in your past, they’ve chosen you, but first you need to send them xx thousands of dollars to handle some legal issues so that they can transfer the money to you.
The advice: don’t click and don’t trust; mark it as spam and delete the email.
Online shopping provides a lot of inspiration for hackers. One of the most common and most dangerous types of phishing emails is the one where you are notified about some billing issue that requires you to re-enter your billing info so that the goods you bought can be shipped to you.
These types of emails seem particularly real. They don’t sound threatening; they’re more like a ‘this can happen to anyone’ thing, so everyone is vulnerable to them. The issues that are typically stated include, but are not limited to, an expired credit card, an incorrect billing address, and similar problems that all lead to you having to provide your info again.
If you click the link contained in this kind of email, you’re taken to a spoofed website and asked to update all the payment/shipment info. So, don’t click the link.
This is another type of phishing email that is particularly dangerous, as it may seem very real. The scenario here starts with a false account notification, seemingly sent by your bank, about an amount withdrawn from your account that exceeds your limit. You are then kindly asked to check this claim by following a link in the email that takes you to a web form, where you are asked for your bank account number to verify your identity.
If you have concerns that what is stated in the email could be true, call your bank first; don’t just trust the email. The bank might even take action on this kind of email, as the phisher is using its brand to exploit its clients.
We all have some taxes to pay, and we do so without overthinking it. That’s exactly why the phishing emails that seem like they come from some government institution are so widespread. The typical content of this type of email includes a notification about your eligibility for a tax refund and how you only have to submit a tax refund request to get it.
Of course, if you follow the link, you’ll be asked to disclose more sensitive data about yourself than necessary. If the mere mention of taxes makes you feel guilty, it is better to check your status with the tax administration directly and ignore this kind of email.
This kind of phishing email is most common in business correspondence. You get a notification that seems like it comes from your company that informs you about your account expiration date, which is, naturally, close. You are then asked to sign in as soon as possible to prevent losing your data. A link that leads to a spoofed login page is, of course, included. In case you get this kind of email at your office, make sure to contact your IT support, as they probably have some protocol established for this kind of malicious attack.
This is another very dangerous phishing attempt because it may seem so real. You get an email that tells you that your computer has been infected or that some of your accounts are in danger of being breached.
This happens so easily and all the time, right? Actually, it is a very strange situation to be informed about your computer’s infection via email. The email, of course, will also offer a link and instructions for downloading some malicious attachments. After all, this email is not completely false: your computer is about to get infected if you click on the link that comes with it.
This type of email is commonly aimed at online business owners. It triggers a feeling of guilt and may therefore be very persuasive, especially if pleasing your customers is one of your highest values.
Typically, this email seems like it comes from a disappointed customer who has sent you a money refund request for a product you shipped, and who now expects you to send another product or to refund them since they are not satisfied with what they’ve got.
The email ends with a threat that they will file a costly lawsuit, notify the authorities about your bad business practices, or similar. Instead, you can notify the authorities about the email. At the very least, you shouldn’t do what they’re asking of you.
The friendly check-up phishing emails are also one of the trickiest kinds. They seem like they come from a reputable company that is performing some routine security protocol and just needs you to verify your account. You are asked to provide personal information so that they can proceed and make sure you are safe online.
This kind of email can seem particularly convincing if you are already a client of the named business. Hackers are indeed worried about your security, but not in the way you would like.
The reason why you may from time to time find a message in a foreign language in your inbox is that the majority of anti-phishing systems are set to recognize only phishing templates in English. The phishers that use this trick will encourage you to use an online translation service. What’s dangerous about this kind of email is that some users may find it trustworthy because of the mere fact that it has passed their anti-phishing system.
First of all, never click on any links, and don’t open attachments or pictures. If you think replying to the sender is a good idea – it is not. You’ll just be giving them more information and more room to trick you into doing something that may put you at risk.
Reporting an attempted scam, on the other hand, is always a good idea. Mark the email as spam, and delete it from your inbox. If you do business with the company that the email seems to come from, or the friend who asks for some money is your real friend, make sure to contact them directly. Spelling mistakes and strange language constructions are also often a telltale sign that the email in question is part of some scam.
Hackers tend to target the common soft spots that we all have, as they know that even the most well-informed of us have their moments of weakness. Email filters are great and very powerful in the majority of cases, but the wild imagination of cybercriminals often manages to find a way through them. It all boils down to your security awareness – no filter can protect you from every threat, so you have to stay alert and careful, and never share any sensitive data without a proper check.