It's a Scam, Pam! A Guide to Recognising Phishing Email Examples
Ever been caught by a phishing scam that looks so legit you couldn't believe it?
12:27 19 July 2019
Well, here's how it works and how to recognise phishing email examples...
Since there are around 75,000 reports of phishing scams every year, you have to assume that there are many more that are unreported. For every person who takes the bait, there are plenty more who are approached with the same scam. Knowing some phishing email examples is half of the battle in knowing what to look out for.
Here are a few ways that phishing emails try to get your personal information or to exploit your financial data.
The URL Doesn't Make Sense
One of the great things about links is that you can hover over them with the cursor to find out where they're going to take you. Since most of the internet isn't nefarious, most of us will click whatever we find on a page or in an email we trust. However, the URL preview is a way to avoid ending up in a phishing scam.
Sometimes the URL will look perfectly harmless. In fact, it's possible to write "www.google.com" in an email and have it link to whatever place on the internet you want.
If you receive an email that has a URL and it's not from a user who you know or trust or the message looks strange, take the extra second to hover over the link. You can see the linked address either pop up over the cursor or listed at the bottom of your browser window. If it seems suspicious, email the person back just to confirm that the link isn't malicious.
The Domain Seems Misleading
One of the ways that phishing scammers take advantage of email users is through their ignorance. It's reasonable for most people to not know the ins and outs of DNS naming structures, but they should have a vague idea of how domains work. For example, it's vital to always pay attention to the last bit of the domain name.
While you might not think "www.bankofamerica.com" is much different than "www.bankofamerica.info", it is. If Bank of America doesn't act fast enough to buy up the ".info", ".org", or ".gov" for their company, someone else will get them. Those buyers can then mislead users to end up on a page they didn't intend, entering their financial information for identity thieves.
Another thing to remember is that the item right before the ".com" matters the most. That's the site that owns the link. A link titled "bankofamerica.janedoe.com" belongs to janedoe.com, not Bank of America.
If you get an email directly from a company you don't often deal with directly, like Apple or Microsoft, that's a clue. If you see that the parent domain doesn't look familiar, as stated above, steer clear.
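The two checks described in the sections above (compare where a link really goes with what its text shows, and read the owner from the end of the domain name) can be automated. The following Python sketch is an added example, not part of the original article; the sample email, the trusted-domain set and the function names are constructed for illustration, and the last-two-labels rule is a simplification.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample email body (not taken from a real message).
SAMPLE_HTML = """
<a href="http://bankofamerica.janedoe.com/login">www.bankofamerica.com</a>
<a href="https://www.bankofamerica.info/secure">Sign in</a>
<a href="https://www.bankofamerica.com/help">www.bankofamerica.com</a>
"""

def owner_domain(host):
    # Simplification (assumption): the owner is the last two labels.
    # Suffixes such as .co.uk need the Public Suffix List instead.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

class LinkCollector(HTMLParser):
    """Collects (visible text, href) for every <a href=...> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_links(html, trusted):
    """Return (text, href, reasons) for each link worth a second look."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for text, href in parser.links:
        real = owner_domain(urlsplit(href).hostname or "")
        reasons = []
        if real not in trusted:
            reasons.append(f"destination is owned by {real!r}")
        # Visible text that is itself a hostname should name the same owner.
        if "." in text and " " not in text:
            shown = urlsplit(text if "//" in text else "//" + text).hostname or ""
            if owner_domain(shown) != real:
                reasons.append(f"text shows {shown!r} but link goes to {real!r}")
        if reasons:
            findings.append((text, href, reasons))
    return findings
```

Calling `check_links(SAMPLE_HTML, {"bankofamerica.com"})` flags the first two links and passes the third, whose text and destination both belong to the trusted domain.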
Is the Message Poorly Written?
One of the great things about the internet is that we're more connected than ever across national boundaries. For those of us who don't speak several languages, there are tools online to translate our messages.
However, many of those tools are faulty and result in awkward grammar. When words are misspelled, they won't even be translated.
When a major company sends out an email to their customer base, they're going to have that email go through several iterations and checks before they send it out. If a message has lots of spelling errors and weird grammar, it probably didn't come from a company's legal department. Be suspicious of a poorly written message and reply to the sender before you click a link or send out information.
Are They Asking Personal Questions?
Almost every corporation and email user knows that email is rife with problems of potential hacks and security breaches. No official message would ever ask you to put your personal and privileged information inside of an email. Even the most official-looking email message shouldn't be asking for information.
In most cases, you'll be asked to call a number or go directly to the company website.
Think about it before you respond. Does your bank not know your account number? Why would they be asking for your password, given they own the servers that your data is on?
Keep your personal information protected and avoid sharing it over an email.
Does the Offer Seem Reasonable?
If something seems too good to be true, it probably is. If an email is offering you free products and services for no reason you can think of, it's probably for their own personal gain. Emails that give you offers of cash, pricey services, or luxury goods are sure to have strings attached.
Making big promises is something that con artists and snake oil salesmen have been doing for hundreds of years. While we all laugh at stories of other people being swindled by them, we're all susceptible in our own ways. If the offer is truly extended to you, you should be able to reach out to the sender and ask about their sincerity.
The Email Came Despite Any Action
While it's common for us to fill out little forms at our favorite restaurant saying they'll give us a meal on our birthday, most of us forget about them. However, if you had entered to win a million-dollar lottery, you would have remembered. If you didn't buy a ticket or fill out a form related to the information that you're being sent an email about, it's probably a scam.
While we all dream of money just falling from the sky and into our laps, it's just not that realistic. Winning a contest that you never entered is a surefire way to know that you're being hit with a scam. This is a common type of incident you'll find on this Spear Phishing Blog.
Is Someone Asking You For Money?
While these lottery winning emails will somehow find a way to try to get to your financial information to take money from you, some writers are more direct. Phishing artists might have hit you earlier before you realized it.
Even if this is their first time contacting you, they might give you some elaborate story of why you need to send them money to cover expenses, taxes, or fees. It could be related to a prize they're promising to send you or it could be something altogether different. Either way, you shouldn't send anyone you don't know any money and especially not your personal financial information.
Is the Message Oddly Threatening?
While some messages might be innocuously asking for information using an official-seeming channel, others will be much more aggressive. Some phishing scammers will say that your account information was compromised and that you need to respond right away.
A fake bank email might threaten to close your account and seize all of your assets. They could ask for picture ID or account "confirmation" information. If they don't know your account number, how could they know which account to close?
Also, it's not legal for a bank to simply close your account and keep your money because you failed to respond to an email. They might be able to freeze an inactive account so it doesn't get compromised, but they can't just take your money.
Is it From a Government Agency?
Government agencies don't spend a lot of time communicating via email. If they need something official, as inefficient as it is, they'll often send information via mail.
Phishing artists rely on most people not knowing that. They'll send out emails claiming to work for the FBI, CIA, or IRS, just to scare you into giving out your information. Don't be fooled by this.
While government agencies use email from time to time, they all follow certain protocols. One of the main things they never do is to use email as a tool for extortion. That's definitely not in their handbook.
Does it Just Feel Weird?
More often than not, the email that you're looking at might not be checking any of these boxes but it might just feel weird. Lean into your instinct if the email doesn't feel right. Don't click on anything or download any items.
In most cases, your email provider will scan for viruses so that you don't have to. However, they don't always catch everything. Your best bet sometimes is just to hit "Reply".
There are New Phishing Email Examples Created Daily
While the list above includes some of the most common phishing email examples out there, phishing emails take the shape of whatever works. They could evolve to replicate information gathered from your email account about friends or family. Developers will try to stay ahead of hackers but they need to see the crime attempted before they can protect you from examples like that.
For other types of email scams out there, check out other posts on our site.