Deep Diving Into Some Phishing Examples To Understand How Phishing Works!

Phishing is a continually evolving activity. Hackers are busy changing their tactics all the time. However, the ultimate intention is the same, and that is to obtain confidential and sensitive financial information, user credentials, etc. from the users that can be put to malicious use.

Phishing usually starts with a maliciously crafted email informing the recipient about some abnormal activity in his/her account. It goes on to add that the account has been suspended temporarily. The user has to provide specific details for resurrecting the account. However, there are particular giveaways that users should be aware of when dealing with these types of emails. Let us look at some of them. Here are some classic phishing examples.

Technical Support Scams

One needs securing their banking accounts to prevent unauthorized access. Banks and financial institutions have security measures in place to safeguard confidential information from unauthorized access. Hackers take advantage of vulnerabilities present in such control measures to procure information from unsuspecting clients. On the face of it, these messages look genuine, but a close look can reveal specific errors that you do not expect professional organizations such as banks to make.

The PayPal security notice scam is one such attempt.

Many PayPal users receive a notice on their registered email addresses warning them about suspicious activity in their PayPal accounts. The message further asks customers to log in to their accounts and resolve the matter with the help of PayPal Resolution Center. The email looks genuine, but there is a giveaway. The origin of the email is from an Outlook account. Usually, PayPal uses its official website for issuing such notices. Hovering over the links provided in the message should deter you from proceeding further in the matter.

The fake Microsoft notice is also another phishing example.

This notice appears identical to an official Microsoft notice, especially when you notice the spurious sign-in details with IP address, country, date, and timing. However, users should know that Microsoft is a US-based company. There is no need for Microsoft to use GMT. Secondly, the grammar used in the email message is not the quality you expect from an organization as professional as Microsoft. These are minor details that the client could easily overlook.

Infected Mail Attachments

Usually, hackers use .JS or .DOC file attachments to transmit malicious content. Using .HTML attachments is a rare event. However, using .HTML attachments are desirable for hackers because of the following reasons.

They can target less internet-savvy users easily.
There are low chances of detecting viruses in .HTML attachments
Banks and other organizations frequently use .HTML attachments in their communication with their customers.

Here are some phishing examples where hackers used .HTML attachments. They sent the ‘login pages’ of companies like Google and Adobe to users to submit information to help Google and Amazon deal with unauthorized accesses to their accounts.

Macros with Payloads

Sending malicious macros as phishing email attachments have become common nowadays because macros can usually get past the anti-virus programs installed in various computer networks. Often, such emails come with a sense of urgency. It urges the recipient to complete specific tasks/steps to rectify the situation. It looks like a genuine email attachment, but once the user clicks on the attachment, he has high chances of becoming a victim now. Secondly, the macros attacks are unsuccessful if the recipients have not enabled Macros in their system.

Social media phishing examples

Social media presents a fertile environment for phishing examples to prosper. Many Facebook users received messages consisting of .SVG image file from familiar users. These .SVG image files can bypass Facebook’s file extension filters. Clicking on these extensions directs the users to a spoofed YouTube page where users are b prompted to install a couple of Chrome extensions necessary for viewing the (non-existent) video on the specific page.

In one of the classic example of such attack recently, the purpose behind the two Chrome extensions was to allow the self-propagation of the malicious content. It exploited the browser’s access to Facebook to send the same SVG file to all your Facebook friends secretly.

Some users also experienced the downloading and launching of the Trojan virus, Nemucod through the embedded JS. Many unlucky users saw their computer systems taken over by Locky Ransomware.

LinkedIn Attacks

LinkedIn provides the best opportunity for hackers, especially phishers, to steal a wealth of information about employees at various corporations. Almost every working professional has a LinkedIn account. Hence, it is no surprise that hackers choose LinkedIn targets to send business email compromise attacks. It included the W-2 social engineering scams and wire transfer. Some of the best phishing examples can be seen here as a classic example of social engineering attack using the information available on social media.

Hackers created a fake Wells Fargo account and used it to send email messages to unsuspecting clients urging them to secure their Wells Fargo online key. Clicking on the specific link included in the email led to the compromising of confidential data. Some cybercriminals have also tried similar tricks with email accounts outside of LinkedIn.

CEO Fraud Scams

The CEO frauds are also a typical modus operandi adopted by cybercriminals. The hackers know that some employees will go to any extent to satisfy their CEOs to remain in their good books. They take advantage of such employees by scamming them into providing confidential information. To achieve their objectives, the hackers send emails to such employees by impersonating the CEO of the company and trick them, revealing the sensitive information.

Final words

We have seen various phishing examples here. These examples should provide you with an idea of how these cyber criminals think and act. The only way to beat them is to be vigilant and confirm the source of the email message. If it originates from an unknown or suspicious domain, it is advisable to not to click the email and report it to CERT (Computer Emergency Response Team) of your organization. Being safe is any day better than being sorry.

Enterprise-class email protection without the enterprise price

For flexible per-user pricing, PhishProtection’s integrated email security solution protects your employees from business email compromise (BEC) and many other email threats. 24×7. On any device. With features you’d expect in more expensive solutions:

All Plans Come With

Stops business email compromise (BEC)
Stops brand forgery emails
Stop threatening emails before they reach the inbox
Continuous link checking
Real-time website scanning
Real time alerts to users and administrators
Protection with settings you control
Protection against zero day vulnerabilities
Complete situational awareness from web-based console

Join 7500+ Organizations that use Phish Protection

60-Day Free Trial

Phish Protection works with System Administrators, IT Professionals and IT Executives in thousands of companies worldwide. Sign up and protect your organization from phishing attacks in less than 5 minutes

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.