This post will walk you through 4 Phishing Examples that will help you and your employees recognize phishing attempts more easily.
Phishing attacks have become more and more creative, subtle, and harder to tell from the real deal. The bad guys never sleep, but neither do your employees when equipped with shatterproof knowledge to spot their sneaky attacks.
Keep reading to learn about the 4 most widespread phishing examples and how to read through the red flags in an otherwise concerningly legit-looking email that could fool the best of us if unprepared.
4 Phishing Examples Your Employees Should Learn About
1. Classic Phishing Emails
Technical Support Frauds – With technology advancements and the increasing number of activities relocated online, service providers were faced with the necessity to step up their security game. This involved notifying their customers regarding unusual or worrisome activity on their users’ accounts.
It’s not much of a surprise that hackers are leveraging this to trick victims into giving away their credentials and, unknowingly, their money. While grammar that leaves much to be desired and poor design are a dead giveaway in some cases, there are phishing emails that look legitimate enough to trick the user.
A good example is this fake PayPal security warning below claiming to have detected “unusual login activities”:
Now, if you look closely at the address, you’ll notice it’s fake, but hackers bet on the sense of urgency when prompting their victims to take action. If the target accesses the links, they will be redirected to a credential-stealing website.
Another example is this fake Microsoft notice that closely resembles an actual notice from Microsoft:
The latter has a different approach, pointing users to a sketchy 1-800 phone number instead of kicking them to a credentials phish.
2. Infected Attachments
.HTML Attachments – While malicious .HTML attachments aren’t as commonly used by hackers as .EXE or .DOC file attachments, they are desirable for a series of reasons. Firstly, antivirus software programs have a low chance to detect them since these files aren’t commonly associated with attacks carried out via email.
Secondly, banks and other financial institutions frequently use .HTML attachments which is why most people are used to seeing them in their inboxes. Check out the phishing examples below to understand what we’re talking about:
Macros With Payloads – Malicious macros contained in phishing emails have become one of the favorites ways of delivering ransomware in the past year. Unfortunately, this type of document often gets past antivirus programs unnoticed.
The emails urge the recipient to enable the macros, like in the image below:
3. Social Media Phishing Examples
Malicious Facebook Messages – Facebook users have received messages in their Messenger inbox from other users familiar to them. The message contained only a .SVG image file (Scalable Vector Graphic). The file bypassed Facebook’s file filtering extension. Once the victim opened the file, they were redirected to a fake YouTube page that asked them to install two Chrome extensions to be able to view the video.
The two extensions, once installed, would enable the malware to self-propagate by leveraging the browser’s access to your Facebook account. Then, it would secretly message all your friends with the same .SVG file.
On some devices, the embedded Javascript also downloaded and opened a PDF file called Nemucod. Nemocod is a trojan downloader for ransomware and many other types of malicious payloads. In this unfortunate case, the PC’s compromised would become hostages of the Locky ransomware.
LinkedIn Phishing Attempts – LinkedIn holds an immense wealth of data on organizations and their employees, making it the focus of online frauds and breaches. Threat actors use the information to identify potential targets.
A LinkedIn user received a standard Wells Fargo credentials phish:
Observe how this InMail seems to have originated from a fake Wells Fargo account set up by hackers to appear more authentic. The link in the message leads to a credential-stealing site:
Attackers delivered another Wells Fargo similar phishing attempt to an email account outside of LinkedIn:
The sneaky email was delivered through LinkedIn, and the network generated the URLs after cybercriminals exploited its messaging features.
4. CEO Fraud Scams
In the example below, the employee initially responded but then figured out the email is fake and reported it to the IT department.
When the employee didn’t proceed with the transfer, the bad guys sent her another email:
These phishing examples are only a few of what’s out there on the Internet. Train your employees to spot phishing attempts with Attack Simulator’s 4-Step Phishing Simulations.
Invest a small amount today to protect your business’s tomorrow and possibly spare a fortune. Get your quote here.
Attribution:
Feature Image: Technology vector created by freepik – www.freepik.com
