Here are a few examples of the most common phishing attacks.
Fake emails may claim that …
- … you received an invoice, asking you to click on the link
- … your bank account was locked
- … you received a package
- … your Amazon package is delayed
- … your Netflix account is suspended
- You may receive phishing emails that claim to be from “your administrator”, asking you to verify your account or update/reset your password.
- You may receive phishing emails that claim to be from CEO, VP or your direct supervisor, asking you for an urgent favor.
- Fake email may claim that you received a file or fax from someone on your Office365 OneDrive Business
NEVER click on any links within these emails. Our mail server does not send any “verification” or “password reset” emails.
NEVER provide your login information unless you are sure that the website you are viewing is legitimate.
On the very bottom, you will find several examples of phishing emails. Please take 1 minute of your time to review!
How to identify a phishing email?
Tip 1: Don’t trust the display name
A favorite phishing tactic among cybercriminals is to spoof the display name of an email.
Here’s how it works: If a fraudster wanted to spoof the hypothetical brand “My Bank,” the email may look something like:
Since My Bank doesn’t own the domain “secure.com,” DMARC (email authentication defenses) will not block this email on My Bank’s behalf. Once delivered, the email appears legitimate because most user inboxes and mobile phones will only present the display name. Always check the email address in the header from — if looks suspicious, flag the email. It’s important to note that email addresses can be faked so it’s not a fool-proof indicator.
Tip 2: Look but don’t click
Hover your mouse over any links embedded in the body of the email. If the link address looks weird, don’t click on it. If you want to test the link, open a new window and type in the ite address directly rather than clicking on the link from unsolicited emails.
Tip 3: Check for spelling mistakes
Brands are pretty serious about email. Legitimate messages usually do not have major spelling mistakes or poor grammar. Read your emails carefully and report anything that seems suspicious.
Tip 4: Analyze the salutation
Is the email addressed to a vague “Valued Customer?” If so, watch out—legitimate businesses will often use a personal salutation with your first and last name.
Tip 5: Don’t give up personal information
Legitimate banks and most other companies will never ask for personal credentials via email. Don’t give them up.
Tip 6: Beware of urgent or threatening language in the subject line
Invoking a sense of urgency or fear is a common phishing tactic. Beware of subject lines that claim your “account has been suspended” or your account had an “unauthorized login attempt.”
Tip 7: Review the signature
Lack of details about the signer or how you can contact a company strongly suggests a phish. Legitimate businesses always provide contact details.
Tip 8: Don’t click on attachments
Including malicious attachments that contain viruses and malware is a common phishing tactic. Malware can damage files on your computer, steal your passwords or spy on you without your knowledge. Don’t open any email attachments you weren’t expecting.
Tip 9: Don’t trust the header from an il address
Fraudsters not only spoof brands in the display name, but also spoof brands in the header from email address.
Tip 10: Don’t believe everything you see
Phishers are extremely good at what they do. Just because an email has convincing brand logos, language, and a seemingly valid email address, does not mean that it’s legitimate. Be skeptical when it comes to your email messages—if it looks even remotely suspicious, don’t open it.
What happened if I clicked on the link?
We completely understand you might be tired, or simply busy. If you mistakenly clicked on the link and provided some information to the fake website.
First, do not panic! 😊
Examples of phishing emails
- Phishing email from “your bank”
- Phishing email from “Amazon”
- Phishing email from “PayPal”
- Phishing email from “Office 365”
- Another phishing email from “Office 365”
- Phishing email from “Office 365” about account verification