A phishing email is a type of scam email that attempts to “fish” for personal information. Typically, phishing emails will appear to come from a trusted source, such as a bank.
The emails will ask you to enter your personal details, either by responding to the email or by entering them in an online form, which may again resemble a trusted website. Then, the scammers will steal the personal information you entered and use it for identity fraud.
Today, I will be showing you 10 examples of phishing emails, so you know what to look out for.
Here is what phishing emails generally do:
- Appear to be from a bank and make claims of suspicious activity.
- Say that you can claim free money or crypto rewards.
- Offer you a job interview for a job that’s too good to be true.
- Claim your account is locked or will be cancelled soon.
- Scam you into providing another domain registrar with your information.
You can typically notice phishing emails by:
- Looking for spelling and grammatical errors.
- Hovering your mouse over the link to ensure it is the correct one.
- Looking at the sender’s email address.
- Using your common sense (if it sounds too good to be true, it is).
Andrew Levine, Public domain, via Wikimedia Commons
This particular phishing email example, which was created by Andrew Levine, is a great example to start off with.
It highlights how phishing emails can be hard to spot and how easy it can be to get fooled by them. TrustedBank is a fictional bank, but this kind of phishing email gets sent daily to people all around the world and claims many victims.
At first glance, everything looks legitimate. If you are a customer of TrustedBank, you would recognize the logo, which the scammers stole to add a feel of legitimacy.
Even the link looks legitimate, as it appears to lead directly to the bank’s website. What readers may not realize is that while the hypertext of the link reads “trustedbank.com,” the actual link points to a different URL that the scammers set up.
This URL might only be slightly different (such as trustedbank.co.ru or trustedbank-login.com), and readers might not notice this slight difference when visiting the page. In addition, the webpage will again copy the logo and design of the real site to appear legitimate.
The email starts off by saying that someone attempted to withdraw money in a foreign country. This adds shock value, as it immediately scares the reader into thinking that someone stole their credit card information.
It also lends an air of trust, because the reader will think that their bank is watching out for them and keeping them safe.
In this case, you might have to take a closer look at the email to realize that it has errors. If you’re in a panic, you might fail to do so.
A closer look reveals that there are some spelling and grammar errors:
- Received was spelled as “recieved”
- Discrepancy was spelled as “discrepency”
- The last sentence is an incomplete sentence
There is another red flag, which is something to look out for in such emails coming from financial institutions. Instead of using your name, the email uses a generic greeting: “Dear valued customer.”
This indicates that the email was sent out to numerous people at a time (probably thousands or hundreds of thousands) and not customized for you.
Here is an email I received around Christmas, and it’s a great example of a typical crypto phishing scam. It often pretends to come from a commonly-used crypto app, such as Coinbase, Trust Wallet, or Metamask.
Usually, the scam will claim that you won some amount of crypto in some sort of giveaway. These emails often come around the holidays, to make it seem as if they are legitimate holiday giveaways.
To make it look even more legitimate, it may provide the crypto app’s official support email in the email body and suggest you reach out to them if you have questions. Right below that, though, the scammers will include an illegitimate hyperlink.
Again, while the link text reads “trustwallet.com,” the hyperlink actually points to another, illegitimate site.
This site typically asks you to log into the crypto app or provide your seed phrase (a secret phrase that allows anyone to recover a crypto wallet). This illegitimate site may use the logo and layout design of the real site, but if you look at the URL, you will notice it’s a fake site.
Once you provide those details, the scammers will be able to access your crypto funds and withdraw them.
This is another type of phishing email.
These scammers may scrape your email from the web or buy your data on the black market. Sometimes, they even set up fake job listings on job sites like Indeed to gather email addresses.
The scammers send fake job offers that have low requirements, sound like easy work, and pay a decent amount of money. Even someone who has a job might jump at the opportunity to work from home doing “live chat” or “data entry” for $35+ an hour.
Here are some of the red flags:
- Referring to you as an “applicant” instead of using your name
- Strange and unprofessional wording, such as randomly capitalizing some words or putting random phrases in quotation marks
- A job offer that is too good to be true (no real requirements for an easy remote job)
- Multiple job roles (live chat agent + data entry specialist + payroll clerk etc.)
- An interview on a live chat platform (a legitimate job interview, even a remote one, will take place over video call)
Once you reach out via Teams, the fake recruiters often phish for your personal details by asking you for a copy of your ID and/or Social Security number for “identity verification purposes” before they can give you the job, only to steal your details for nefarious purposes.
Remember, if it’s too good to be true, it is! In this case, the job is nonexistent, and you should simply send the email to the trash.
It sometimes turns into another type of scam, such as a fake check scam. In that scenario, the scammers will send you a large check for the purposes of buying equipment at an approved vendor, who is really the scammer’s partner.
Then, the check will bounce in a few weeks, and in the end, you will have spent your own money on worthless equipment.
Another version of the fake check scam is when the scammers ask you to send back part of the amount, since they sent you too much “by mistake.” Again, the check will bounce, and you will have lost the money you sent them.
This is a phishing email that has all the warning signs. It is an obvious scam, but let’s break it down, nonetheless.
It claims that $8.5 million in unclaimed funds have been awarded to me, and that while corrupt officials at the bank have been trying to steal the funds, this person, who is allegedly the president of the World Bank Group, is here to help me.
All he needs is some personal information from me to move forward.
Unlike the previous example, this one is very obviously a scam. Even Gmail marked it as a phishing scam that has been used to steal people’s information in the past.
Still, let’s outline some of the red flags, as while they are obvious here, they may not be obvious in other cases:
- The promise of free money seemingly coming out of nowhere (if it’s too good to be true, it is)
- The idea that the emailer is here to help me, for no reason
- A suspicious email address (unitedbankamerica121@umail…) instead of a legitimate corporate email address in the sender’s details
- Clear spelling and grammar issues
- Creating a false sense of urgency (“I await your urgent response”)
- Pretending they are protecting you from fraud by warning you not to give your ATM PIN via email (they will instead attempt to steal other personal information)
- Asking for your personal details, such as your name and phone number (if the email came from your bank, they would already have those details)
Scammers often create a sense of urgency to prevent people from thinking logically about the situation.
In this case, the email asks for basic personal information at first. However, if you respond, it will likely ask for additional information, such as your bank login details, Social Security number, or your ID number, which they will then use for identity fraud or sell on the black market.
Once you have already given them basic details, you are more likely to give them more important information. That’s just human nature, and scammers know that well, which is why they start off small.
The scam could also go in a different direction. For example, some of these scams ask you to send a small amount of money to “unlock” the huge amount of funds that is allegedly waiting for you.
In either case, it’s important to avoid responding to such an email and discard it immediately.
You may wonder if anyone falls for such a phishing email. The answer is that few people do, but it doesn’t matter, as it’s a numbers game.
If the scammers send the email to 100,000 people and only 20 people fall for it, it’s still free money for them.
Chris Lappas, CC BY-SA 4.0, via Wikimedia Commons
In this type of phishing email, the scammers will send a message that seems to come from Facebook, Apple, or another popular platform or service that many people use. The email will claim that your account was locked for suspicious activity and provide a “verification” button.
If you click on the button, you will be asked to log in or provide other personal information to “verify” your account.
Of course, the email in the image above didn’t actually come from Apple, and the button will take the user to a website the scammers set up to collect the person’s Apple password or other personal details.
Here are some of the warning signs:
- There are obvious spelling and grammatical errors.
- It creates a false sense of urgency by claiming that if you disregard the email, the account will be deleted (this is not true).
- It doesn’t use your real name.
In fact, in this email, the scammers were pretty clever. Instead of using some generic greeting like “dear user,” they used your email address in lieu of your name.
Still, it demonstrates that the scammers don’t actually know your name and are instead mass-spamming this email to thousands of people, using a script to insert the email address into the greeting header.
ManuRoquette, CC BY-SA 4.0, via Wikimedia Commons
This phishing scam is a bit unlike the others. Instead of promising you money or warning that your account will be locked, it targets academics.
You would think that most academics would be smart enough not to fall for a phishing email. However, the scammers, in this case, are relying on the fact that some academics are older and not very tech-savvy, and may therefore not realize how these things work.
However, there are obvious spelling mistakes in this email, which should be a dead giveaway. Even though the scammers managed to find the recipient’s actual name (which is easier in such cases as it is usually listed on some university or academic site), they still messed up.
In this case, the scammers may phish for information by claiming that certain details, such as the victim’s ID number, are required for the publication of their work.
Noloader, CC BY-SA 3.0, via Wikimedia Commons
While some of the phishing emails in this list were quite obvious, this one isn’t. At first glance, it seems legitimate, but it’s a typical domain slamming phishing email.
When you register a domain with a domain registrar such as Namecheap, the information is usually visible via an ICANN lookup at lookup.icann.org.
Sometimes, your email is also available (if you didn’t make it hidden), and at other times, scammers can find a domain-based email address (such as email@example.com) on your site.
Scam domain registrars who want you to sign up with them instead may send domain slamming phishing emails. These emails look like the one above.
In this case, the customer registered with OpenSRS. The scam company has a similar name: SRSPlus.
Newbies who just bought their first domain with OpenSRS may not realize that it’s not the same company. They may think that the two companies are related, partnered, or even the same company.
The email claims that the recipient must verify their information with them. Usually, this verification form is actually a domain transfer/renewal in disguise, and if you go through with it, you would actually be transferring the domain name registration to the new company (and providing them your personal details).
As in other phishing emails, it relies on a sense of urgency by using terms such as “Action Required” and by claiming that not taking action may result in your domain registration being cancelled.
Jamil Velji, CC BY-SA 3.0, via Wikimedia Commons
This is a variation of the fleeing prince scam, in which a “fleeing prince” claims to need your help to claim funds being held by his host country.
In this case, the phishing email takes a slightly different approach. An unknown rich person in a foreign country (in this case, Burkina Faso) has died, and the bank is holding onto a large amount of money that will go into an unclaimed funds account.
A corrupt official at the bank is asking for your help to get the funds, with 40% going to you, by passing you off and registering you as the deceased’s next of kin.
Supposedly, he needs your help because you are a foreigner and the deceased was also a foreigner, and he is thus unable to register a citizen of his country as the next of kin.
The email asks for your personal details and may proceed to ask for other details from you later.
Of course, it’s an obvious scam, but some people fall for it. Otherwise, the scammers would stop sending such emails.
Image via UC Berkeley Information Security Office
This scam is a bit more insidious. It targets university students who are subscribed to a university newsletter offering security updates, no less.
It claims that the student has been unsubscribed from the list and provides a link for the student to resubscribe. Of course, that is a fake link, and the student is not resubscribing but actually giving scammers their personal details.
Since the email purports to come from the security team at the university, it lends an air of legitimacy.
Image via UC Berkeley Information Security Office
This is similar to the previous example, but in this case, the scammers claim the student’s university email account will be terminated. The email instructs the student to cancel the request to terminate the email account by clicking on a link.
While the email seems to come from the university, it actually comes from a scammer. And, by clicking on that link and entering their details, the student will fall victim to a phishing scam.
People fall victim to phishing emails all the time.
By going through these examples, you can stay vigilant and safe.
Remember, if you are in doubt, and the email seems to come from a bank or another institution, you can always contact the institution using their official number or website to ask if it sent you the email.
Tom loves to write on technology, e-commerce & internet marketing.