Phishing emails are becoming more and more common, and they can be convincing even to the most experienced Internet users. Phishers use various techniques to fool people into clicking on links or opening attachments that could download viruses or other malware onto your system, while also stealing personal information such as passwords and credit card numbers, which they then use for their own purposes such as identity theft or stealing money.
These phishing email examples will show you the most common phishing email red flags and help you identify real-world phishing emails.
What is Phishing and How does it work?
The first thing you need to know about phishing scams is that it's not the same as hacking. Phishing emails are all about tricking people into giving up their personal information, like credit card numbers or online banking passwords, by masquerading as a trustworthy entity in an email or text message.
It's called "phishing" because the criminals are fishing for your sensitive data from behind a computer screen. It only takes one click on the wrong link for everything you care about (your cash, contacts, photos) to be gone forever!
Types of Phishing Emails
Phishing is basically a scam that uses fake emails to try and steal your personal information. The fake emails often pretend to be sent by respected companies like banks, internet service providers, credit card companies, etc. They often ask for things like usernames, passwords, account numbers, etc. If you click on the link in the email it will take you to a fake website or product that looks exactly like what it claims to be.
Spear phishing is a kind of phishing that targets one person (or company) in particular. Spear phishing is often used in ransomware attacks, where someone holding your files hostage sends you an email pretending to be from a reputable company like your internet service provider or antivirus software telling you that your computer is infected with malware. If you click on the link in the email it will take you to a fake website that looks legitimate so when you enter your email address and password to "scan" your computer, you just gave the criminal access to all of your accounts.
CEO fraud is a kind of spear-phishing that targets specific people, usually by spoofing high-profile or wealthy individuals. The criminal sends you an email pretending to be from the CEO of your company and asking for money. For example, they might ask you to wire some money to a new bank account and then provide instructions on how to do so. People who are less familiar with the company might fall for this, as might anyone who receives the message from a sender that looks legitimate, like the real CEO.
Vishing is a kind of phishing that takes place over the phone. The criminal calls you and pretends to be from a company like your internet service provider, a bank, etc. They will try to trick you into giving up financial information or direct you to visit a website where they can steal your login information.
SMiShing is a kind of phishing that takes place over text messages. The criminal sends you a text message pretending to be from a company like your bank asking for account information or they might send you links to websites where they can steal it. A lot of times the criminals will pretend to be with Google or Microsoft so it's even harder to discern whether or not the message is fake.
Phishing works by tricking people into giving up their sensitive information, but pharming tricks computers by changing Domain Name System (DNS) settings on a router. When you type in a website address your computer goes through several DNS servers before finding the correct IP address to direct you to the correct site. A DNS server is basically a system that points your computer in the right direction so when you type in an address, it can direct your computer to the right website. If someone poisons the DNS servers and redirects it to a fake site, you can fall victim to pharming. The criminal then gets access to all of the information you enter on that site.
Brand spoofing is when a criminal pretends to be from a company or organization you trust and they use this brand recognition to trick you into giving up your sensitive information. For example, a criminal might send you an email with a logo from Google in the header pretending to be from Google asking for your password. Most people are comfortable giving their password to a company like Google so they will click on the link in the email, enter their information, and give it directly to the criminal.
How To Identify Phishing Emails: Signs and Phishing Email Examples
While phishing emails can cause serious damage, the good news is that there are a few common red flags you can identify in order to avoid falling prey to a phishing attack.
Phishing emails often:
- Seem to be from legitimate companies like banks, internet service providers, credit card companies, etc.
- Are unsolicited (you didn't ask for it; they just sent it to you)
- Ask for things like usernames, passwords, account numbers, etc.
- Offer something seemingly valuable, like a prize or discount
- Use poor spelling and grammar
- Have strange email addresses or typos in the email address
- Have crazy titles
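Several of the red flags above, together with the brand-spoofing pattern described earlier, can be checked mechanically by a mail filter or a reporting tool. The following Python is an added example, not part of the original article; the brand-to-domain table, the keyword lists, the 0.8 similarity threshold and both sample messages are constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Brands the article names as most-phished; the domain mapping is an assumption.
BRANDS = {"google": "google.com", "paypal": "paypal.com",
          "apple": "apple.com", "yahoo": "yahoo.com"}
PATTERNS = {  # constructed keyword lists for three of the listed red flags
    "asks-for-credentials": r"\b(password|username|account number)\b",
    "prize-or-discount-lure": r"\b(prize|discount|you have won)\b",
    "urgent-tone": r"\b(urgent|immediately|suspended|within 24 hours)\b",
}
LINK_HOST = re.compile(r"https?://([^/\s\"'<>:]+)", re.I)

def under(host, legit):
    # True if host is the legitimate domain or one of its subdomains.
    return host == legit or host.endswith("." + legit)

def red_flags(raw):
    """Return the sorted list of red flags found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    # Assumes plain-text, unencoded parts; HTML and attachments are not decoded.
    body = "\n".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    text = msg.get("Subject", "") + "\n" + body
    # Naive "second-level label" (ignores suffixes such as co.uk).
    label = sender.split(".")[-2] if sender.count(".") else sender
    flags = set()
    for brand, legit in BRANDS.items():
        spoofed = not under(sender, legit)  # sender is NOT on the brand's domain
        if spoofed and brand in display.lower():
            flags.add("display-name-brand-mismatch")
            if any(not under(h.lower(), legit) for h in LINK_HOST.findall(body)):
                flags.add("link-off-brand")
        if spoofed and SequenceMatcher(None, label, brand).ratio() >= 0.8:
            flags.add("lookalike-sender-domain")  # e.g. a typo in the address
    for name, pattern in PATTERNS.items():
        if re.search(pattern, text, re.I):
            flags.add(name)
    return sorted(flags)

# Constructed sample messages (reserved .example domain for the spoofed sender).
PHISH = ("From: PayPal Support <service@paypa1.example>\n"
         "Subject: Urgent: your account is suspended\n\n"
         "Confirm your password immediately at http://login.paypa1.example/verify\n")
BENIGN = ("From: Google <no-reply@accounts.google.com>\n"
          "Subject: Your monthly storage summary\n\n"
          "You used 4 GB this month. Details: https://one.google.com/storage\n")
```

Keyword and similarity heuristics like these produce false positives and misses, so their output is best used to prioritize messages for review rather than to block them outright.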
Now that you know the common red flags in phishing emails, here are a few real-world phishing email examples you may encounter:
- A Fake FedEx message saying your package is stuck in customs and needs to be paid for with Bitcoin
- Emails from the "IRS" asking for overdue taxes, someone claiming to be from your internet service provider telling you that there's a problem with your account details (often including an email address that isn't yours), etc.
- Emails from a big company asking for input on new products, where they want you to click a link and provide your account number or password
- Fake USPS email claiming that a package is stuck in customs and needs money for tax/processing/customs fees
- Emails from hackers pretending to be from your internet service provider saying there's been unusual activity on your account
3 tips for avoiding phishing scams:
There are a few simple steps you can take to avoid falling prey to a phishing scam.
First, don't click on suspicious links in your email, especially those that ask for personal information. If you're not sure whether an email is legitimate, don't open it...and definitely don't click on its links.
If possible, contact the company or organization directly through a known and trusted channel before responding to any emails asking for personal information. You can also file a complaint with the Federal Trade Commission or other federal agencies.
Finally, pay attention to the tone and content of the email. Is it unusually urgent? Are there misspelled words? Is there an offer that seems too good to be true? If it seems "phishy", it probably is.
Common Phishing Email Examples
According to the most recent phishing statistics, the most-phished brands are Google, PayPal, Apple, Yahoo!, etc. These brands are often spoofed in phishing emails because they are so common.
The following phishing email examples are some of the most popular types of phishing via email/brand spoofing:
Fake Google Docs Phishing Scam
A fake Google Docs phishing scam is when criminals impersonate a person or company you may know/trust, send you an email, and ask you to open a document in Google Docs. When you do, they are able to collect your information or change something without your knowledge.
Fake Apple iCloud Security Update Notification
Another example of an increasing phishing problem is fake Apple iCloud status emails. If you've ever used an iPhone or another Apple product, then you may have received a fake iCloud email asking for your password...which is scary, but the real problem with these emails is that they often contain links to malicious websites. Whenever you get an email from any company asking for personal information, make sure to contact them personally before responding.
More Phishing Email Examples
Below are more than 50 real-world phishing email examples. Feel free to click through them and try to identify the red flags in them.