We look at some real examples of phishing emails to help you notice a threat
That’s why you should treat all unexpected emails with the utmost suspicion and never click on links or open attachments in any email you receive unless you are sure that it is legitimate.
It’s also helpful to know what phishing emails look like so that you can identify and delete them as soon as you spot them in your inbox. Below we explore some typical examples.
The phishing email below will appear to come from someone you know, after their email account has been compromised by a hacker – Fiona Wilson, in the below example.
The email invites you to view a file with a generic subject like “Davey Fundraising Proposal.PDF”. Although you will not be expecting the email, the fact that it apparently comes from someone you have previously had communication with may convince you to click on the link to view the attachment.
Fiona Wilson has invited you to a folder titled "Davey Fundraising Proposal"
Fiona Wilson <fiona@Daveycapital.com>
Tue, 23 Mar, 12:13
Fiona Wilson has invited you to "Davey Fundraising Proposal"
Review Folder: Davey Fundraising Proposal.PDF
Extension Type: PDF •Size: 8.49MB •Date Modified: 23/03/21
Fiona Wilson said: "I’d welcome any question or suggestion you might have. Thanks."
If you click on the link to view the file, you are taken to a web page which then says “To view the secure document, choose your email provider to confirm your identity” with a choice of email systems including Office 365, Gmail, and Outlook, along with genuine-looking logos.
If you click on one of the logos and enter your email user name and password, the hacker will then have access to your email account.
The following email could appear to come from a bank, a utility company, or any other business that you might have an account with, such as Apple, Netflix, Dropbox, or Facebook.
If you do have an account with that organisation, you may be tempted to think the email is genuine. However, poor English is a good clue that the email is likely to be a phishing email and the attachment is likely to contain malware.
Dear (email address)
Recently there’s been activity in your account that seems unusual compared to your normal account activities
This is detail you activity:
Location: 36 Paraduta Street, Carabobo, Spain
IP address (xx.xx.xx.xx)
Time: Thursday, April 15 2021, 02;37:05 AM
Platform: Windows NT 6.1
*YOUR ACCOUNT HAS BEEN DISABLE TEMPORARY
If you do not do this activity, maybe someone who has access to your account. To view the details of your case please download & read (Billing_Agreement_15042021.pdf) in attachment
Cyber criminals also use a subject that you are likely to be interested in. The example below exploits the fact that many people are waiting to be contacted about a Coronavirus vaccination appointment.
This is a public health message from NHS
As part of the government’s coordinated response to Coronavirus, NHS is performing selections for coronavirus vaccination on the basis of family genetics and medical history.
You have been selected to receive a coronavirus vaccination
Use this service to confirm or reject your coronavirus (COVID-19) vaccination:
>> NHS – Accept Invitation
>> NHS – Decline Invitation
NOTE: The coronavirus (COVID-19) vaccine is safe and effective. It gives you the best protection against coronavirus.
Who can use this service
You can only use this service if you have received an email/SMS regarding this invitation. You can not use this service for anyone other than yourself.
You are also free to reject this invitation, your appointment will be issued to the next person in line in that case.
NHS National Health Service GOV.UK
By clicking on the links to either accept or decline the invitation, you will be asked for personal information that the cyber criminal may use for identity theft purposes, and you could also be directed to a “drive by” website which will attempt to compromise your computer using known vulnerabilities in software it may be running.
Cyber criminals know that the tax year ends on 5 April and that many people would welcome a tax repayment. The following phishing email uses this fact to try to hook you into following its instructions without questioning it:
HMRC Payment confirmation
Your repayment has been issued by HMRC
Tax reference PC37359839AP302222021
Payment reference 9acda9a2-e0cd-4793-65ca-1750d3cd2169
Amount to be paid GBP 520.99
Go to HMRC Online Payments Website
Why you got this firstname.lastname@example.org
You chose to receive payment confirmation by email@example.com
From HMRC Online Payments
The promise of a “GBP 520.99” repayment may be enough to tempt you into clicking on the “HMRC Online Payments Website”, but this fake website will ask for personal information such as National Insurance number and date of birth, and may also ask for passwords and other confidential information.
This is an example of a classic phishing email which invites you to view your account by clicking on a link in the email. In fact, the link will take you to a fake website designed to look like the genuine site, and when you enter you login name and password the hacker will capture them for later reuse at the real site.
This type of phishing email is becoming less common because most banks now also require some sort of two factor authentication method such as a code that is sent by text to your mobile phone.
Account temporarily suspended!
As part of our security measures, we regularly screen activity in your bank account. We revently contacted you after noticing on your online account, which is being accessed unusually.
To view your Account
There are plenty of straightforward steps you can take. Here are the most important: