Previously, we talked about phishing and its four common types: spear phishing, whaling, clone/deceptive phishing, and CEO fraud. In this blog, we’ll tackle 10 phishing emails that cybercriminals commonly use to trick users. While SMS, voice calls, and websites can also be used for phishing, we’ll focus on email since 96% of phishing attacks arrive by email.
Did you know?
- The 2020 Verizon Data Breach Investigations Report (DBIR) shows that if an attacker sends out 10 phishing emails, there is a 90% chance that one person will fall for it.
- The same report reveals that 22% of data breaches in 2019 involved phishing.
- The 2020 Proofpoint State of the Phish report indicates that 65% of organizations in the United States suffered a successful phishing attack, which is above the global average of 55%.
1. Government pretense
This type of phishing email appears to come from a federal, state, or local government body, such as the Federal Bureau of Investigation or the National Security Agency. The messages vary greatly depending on the function of the agency being impersonated. Some examples include:
- “Your request for a loan has been denied due to incomplete information. Click here to provide your information.”
- “We detected that you illegally downloaded files, therefore we will revoke your internet access unless you enter the requested information in the form below.”
- “You are eligible to receive a tax refund. Click on the link below to submit your tax refund request.”
- “We created a website for citizens to verify their personal information. Please use the following link.”
2. Scare tactic
As its name denotes, this email paints frightening scenarios that impel you to act without thinking twice. A common example is the email claiming that someone posted a sexually explicit image of you. To have it deleted, you are told to submit a request through the provided link.
3. Compromised credit card
The email sender usually knows that you’ve recently purchased something, so they inform you that there was a problem with the credit card you provided (e.g., an expired card or an incorrect billing address). They will then ask you to click on the provided link, which takes you to a spoofed website where you’ll be asked to input your credit card information.
4. Account expiration or deactivation
This email informs you that your account is about to expire or will be deactivated due to a data breach incident or “unusual login activity.” You will then be instructed to click on the provided link (which leads to a spoofed website) or download the email attachment to avoid losing your account.
5. Contest winner
In this phishing scam, you’re told that you’ve won something and that, to claim your prize, you need to click on the provided link and submit your shipping details.
6. Bank withdrawal alert
A bogus email from your bank notifies you that a certain amount has been withdrawn from your account. Should you have any questions about the transaction, you are asked to click on the provided link that will lead you to a fake web form asking for your banking details for “verification purposes.”
7. Angry customer
The email sender pretends to be a customer who wants their money back, or else they will report you to the relevant authorities.
8. Routine checkup
In this phishing attempt, a scammer pretends to be from a company you transact with and tells you that they are conducting a routine security procedure. You are then asked to verify your account or update your records using the provided link.
9. Urgent boss requirement
Your “company’s CEO or top executive” sends you an email requesting a fund transfer to a foreign partner. In the email, the sender asks you to wire the money immediately so they can secure the new partnership.
10. Company tech support request
An email pretending to be from the company’s IT department asks you to install new corporate software, which is actually malware.
While some of these phishing scams may seem blatantly obvious, you never know when you or your employees may fall victim to one. Protect your company from even the most sophisticated social engineering emails with the powerful TrustGraph® AI of Graphus. Ask for a demo.