It’s beginning to look a lot like Phish-mas, and phishers vow they won’t go until they get some money from unsuspecting victims. It’s the most lucrative time of the year for cybercrooks, so we’ve compiled a list of four phishing examples to help you and your business keep them at bay this holiday season.
According to Barracuda, phishing scams spike during the holiday season, with spearphishing attacks increasing by more than 150% above average in 2021 in the days leading up to Christmas. The rates dropped following the holiday.
However, the sad truth is that phishing scams aren’t holiday season-specific, and they don’t target only shoppers. Scammers often will also take advantage of employees who are so eager to begin their vacation, travel, or stay at home with family for Christmas, that they are more likely to fall for their tricks and miss red flags during this period.
Let’s dive right into four phishing examples.
1. The Urgent Message
Scammers often like to add a sense of urgency to their bogus messages to persuade the recipient to act by triggering an emotional response, like fear, panic, or excitement. By adding a time limit, they pressure the victim into acting without carefully examining the naughty list-worthy message.
Here’s an example:
The image above is a fake invoice message pretending to come from Microsoft. The phisher uses urgent language to trick you into calling them and get vished (fishing is a phishing attack carried out via phone call).
On the phone, they’ll most likely try to get you to make a payment, give payment and personal details, direct you to download malware onto your device and the networks it’s connected to.
2. The Email From Your Boss
Next on our list of phishing examples is scammers impersonating your boss or another authority figure within your company and asking you to do an urgent task. This type of attack is known as CEO fraud.
Let’s observe one such example:
The first thing to catch the eye is the email address – a Gmail account, which is free, easy, and fast to create. Cybercriminals often choose this type of account because of these three qualities.
Then, as discussed in the previous example, the subject line screams ‘VERY URGENT’ in hopes of instigating an emotional reaction from the recipient. Besides, no one wants to let their boss down, so many of your employees might act right away.
A scammer can ask for your phone number for various reasons, such as sending malicious links via text messages or spoofing your phone number.
We want to be Santa’s little helper (or the boss’ little helper), but let’s take our time to examine the email before responding, for Santa can be the Grinch.
3. The Romance Scam
What can be merrier than finding ‘the one’ this Christmas? But, be careful, for the ‘all I want for Christmas is you’ type of talk might get you to make poor financial decisions.
This type of scam can take one of the following routes:
- A scammer targets someone who’s recently single, widowed, or is otherwise lonely. Cybercriminals exploit the possibility of someone feeling lonely and vulnerable or in search for a partner. These phishing examples usually come via emails, text messages, and social media.
- A cybercrook poses as a potential romantic interest. Here, the attacker might pretend to be a prospective suitor to win over the victim’s trust and to isolate them from their real friends and family. They also may claim to have incriminating or private information about the victim that they can use as blackmail.
- An attacker pretends to be a friend or relative of the victim. While posing as the relative, the attacker will reach out (typically via email, phone call or text message) to say that they’re in some type of emergency situation and need immediate financial help from the victim.
Just picture this situation: a scammer uses this method to get to one of your employees and ask for company money. If your staff isn’t prepared, they might fall for it, thinking they are helping out a loved one. Now, your entire business is at risk.
4. The Extortion Email
They see you when you’re sleeping, they know when you’re awake. But do they really?
Here’s what a scammer might say to pressure you to pay:
- That they’ve exploited some sort of flaw that gave them access to your device browser history, camera, and/or microphone.
- That they have video recordings of you doing inappropriate things (such as visiting child pornographic websites).
- That they have other allegedly incriminating information about you that you can’t risk becoming known to the public.
Keep in mind that these phishing examples aren’t usually targeted, so scammers reach out to a bunch of users, hoping that at least one of them will take the bait. However, if one of your employees is secretly being naughty and doesn’t want to get caught and receives this type of email, your business and customers might get into trouble.
Here’s an example:
ATTACK Simulator To The Rescue
This ho-ho-holiday season, make sure you keep your business protected from cybergrinches. We’ve designed our Security Awareness Training Program to take care of that for you.
When your employees learn how to read the red flags of a phishing attack, they can take their time to calmly assess the situation and examine all the details the devil may be hiding in, which otherwise would go unnoticed. To evaluate your company’s exposure and vulnerability for phishing scams and any other form of phishing, you can use our free security awareness training trial.
Choose ATTACK Simulator’s Security Awareness Training program to keep your company safe from online dangers.