Toll-Free 

855.411.EDTS (3387)


Augusta, GA

706.722.6604


Greenville, SC

864.250.9112


Columbia, SC

803.250.4656


Asheville, NC

828.318.0916


Savannah, GA

912.421.7700

Posted by Charles Johnson on 7/21/17 3:34 PM
Charles Johnson

When most people think of cyber-attacks and data breaches, they think of a hooded hacker hammering away at the keyboard in a dark corner somewhere using complex commands to get past firewalls and steal passwords.

The reality is that most breaches come from imposter emails, or phishing emails. And unfortunately, the perpetrators of this simple scam don’t have to know a lick of code to pull it off.

According to the Anti-Phishing Working Group (APWG), 2016 was the worst year for phishing in history with reported phishing attacks increasing 65% over those of 2015. In addition, according to Wombat Security’s 2016 State of the Phish report, spear-phishing attacks (attacks which contain personalized information about your or the supposed sender), increased 22% from 2015.

Given the success of phishing attacks and the ease of which cyber criminals can effectively breach networks through the use of them, phishing emails will continue to be a growing problem for business and consumers alike. Here are just a few examples of phishing emails in use over the past year:

The Urgent Request

Phishing emails play to our innate psychology. By impersonating a person or organization with a high level of authority—and urging immediate action—these emails are dangerously persuasive. Whether these emails threaten loss, punishment or added risk, researchers tell us that urging immediate action changes our focus to the singular task and, in the process, lowers our guard.

1. "Restart Your Membership"

Fake Netflix Phishing Scam - Source:http://coolmomtech.com/2017/03/fake-netflix-phishing-email-scam/

 

2. "Update Your Official Record"

Dept. of Labor Phishing Example Source: https://security.berkeley.edu/news/phishing-example-us-dept-labor-record-update

 

3. "Click to Learn More" 

Fake Subpoena Example (Phishing): http://www.nytimes.com/2008/04/16/technology/16whale.html
 
 
 4. "You Missed a Delivery"
UPS Package Reciept Phish Email Source: https://breakpoint-labs.com/blog/phishing/

 

5. "Confirm Your Account"

Wells Fargo Bank Phishing Email -  Source: http://www.calstatela.edu/its/itsecurity/phish/index.php
 
6. "Your Account Has Been Locked" 

Bank Locked Account Phishing Example 5.png

 

7. "Suspended Account"

PayPal Fake Email - Source: https://security.berkeley.edu/news/phishing-example-paypal-we-need-your-help

 

Unexpected Refunds & Payments

It's against our every instinct to ignore free money, and hackers exploit this with refund offers.

8. "Tax Refund"

IRS Email Scam - Source: https://www.aol.com/article/2016/02/07/how-to-avoid-irs-scams-during-tax-season/21309094/

 

9. "Refund Due to System Error"

Amazon Refund Scam Phishing Email - Source:https://www.komando.com/happening-now/367273/top-story-amazon-phishing-email-could-lead-to-ransomware-attack

 10. "Click to See Your Revised Salary"

Employer Fraud Phishing Example - Source: https://www.slu.edu/its/phishing-email-targets-slu

 

Spear-Phishing: Phishing Based on Research

Spear-Phishing emails may not have the stolen logos and email templates of phishing emails, but what they do have can be even more dangerous: inside information. Spear-phishers study their victims in advance, learning names, organizational structure, and even workplace culture to try to keep the victim from raising red flags. 

 

11. Sent "From" Recipient's Bank

Spear-Phishing Example From Accounting - Source:http://lts.lehigh.edu/phishing/examples

 

12. Sent "From" Recipient's CFO

Spear Phishing Example from CFO - Source:https://www.linkedin.com/pulse/email-scam-tactics-explained-what-phishing-spear-whaling-mcdonald

 

 13. Sent "From" Recipient's CEO

Spear Phish Email CEO Fraud Example - Source: http://www.icemiller.com/ice-on-fire-insights/publications/phishing-scam-alert-growing-list-of-companies-fall/

 

14. Sent "From" Recipient's CEO

CEO Spoof W-2 Request -  Source:https://krebsonsecurity.com/2016/02/phishers-spoof-ceo-request-w2-forms/

 

15. Sent "From" Recipient's CEO

Augusta, GA Spear-Phishing Email CEO Fraud 2017

Two More Examples:

Whaling emails, or spear-phishing emails targeting high-level executives, masquerade as a critical business email from a legitimate person of authority. These emails play on our respect for these individuals and take advantage of the lack of formality that sometimes accompanies their requests.

16. Sent to VP "From" Their  CEO

Busy CEO Request Phishing Example - Source:http://www.mailguard.com.au/blog/whaling-ceo-fraud-business-email-compromise-targeted-spear-phishing-attacks-continue-to-trouble-businesses

 

17. Sent to Controller "From" Their CEO (Also CCing Their Accountant)

CEO and Accountant Spear Phishing Email Fraud Example - Source:http://frankonfraud.com/fraud-scams/ceo-fraud-2-0-its-like-fraud-on-steroids/

All It Takes is One Click

While some phishing emails attempt to get you to hand over sensitive information, others only need one click to give the hacker access to your secure systems. If you've recently clicked on a sensitive email or want to protect your company and employees from phishing, contact EDTS Cyber today.

Topics: Social Engineering, Cyber Security, Phishing, Security Alerts, Most Popular