Here are 10 types of phishing emails cybercriminals use to trick you. 



1. The Government Manoeuvre


This type of email looks like it originated from a federal body, such as the IRD, and tries to scare you into providing your information. Common messages include, ‘Your insurance has been denied because of incomplete information. Click here to provide your information.’ Or, ‘Because you illegally downloaded files, your Internet access will be revoked until you enter the requested information in the form below.’



2. The Friend Tactic


If an unknown individual claims to know you in an email, you are probably not suffering from amnesia. More than likely, it is an attempt to get you to wire him/her money. A variation on this theme is that one of your known friends is in a foreign country and needs your help. Before you send your ‘friend’ money, give them a call to verify. Your true friend’s email contact list was probably hijacked.



Foreign phishing example

3. The Billing Problem


This phishing tactic is tricky because it appears quite legitimate. This email states that an item you purchased online cannot be shipped to you because the credit card was expired (or billing address wasn’t correct, etc.). If you click on the provided link, it takes you to a spoofed website and asks for updated payment/shipping information, etc.



4. The Expiration Date


This type of email falsely explains that your account with [company name] is about to expire, and you must sign in as soon as possible to avoid losing all your data. Conveniently enough, there is a link in the email, which again takes you to a spoofed login page. These will often include a company logo to make it look more legitimate.



5. The Virus or Compromised Account Scare


These types of email state that your computer has been infected or that one of your accounts has been breached. In order to avoid losing your money or data or infecting your computer the email instructs you to follow a link to download the attachment.



USAA phishing example



Example of a malicious link.




 

6. The Courier Package


With Covid ongoing and lots of people doing that much more shopping online, people often have items being delivered by courier. If you receive an unsolicited email about a courier package being delayed, or some other issue with it, be wary of clicking the track and trace link in the email. Your order should have included a track and trace link when you first placed it, go back to that email and trace it directly from there.


Also be aware which company it’s shipping with. If you’re waiting on NZCouriers to deliver something, getting an email from FedEx saying the package is delayed doesn’t make sense.

7. The Friendly Bank


Your bank may offer account notifications when certain amounts are withdrawn from your accounts. This ploy tricks you with a fake account notification stating that an amount has been withdrawn from your account that exceeds your notification limit. If you have any questions about this withdrawal (which you probably would), it gives you a convenient link that leads to a web form asking for your bank account number “for verification purposes.” Instead of clicking on the link, give your bank a call. They may want to take action on the malicious email.


Bank of America phishing example



 Due to the graphics and opt-out instructions, this phishing attempt seems very legitimate. 





8. The Victim


Being wrongly accused of something doesn’t feel good. This type of phishing email acts as an angry customer whom supposedly sent you money in return for a shipped product. The email concludes with the threat that they will inform the authorities if they don’t hear from you.


Real estate phishing example



 This is another type of victim scam. Clues to the phishing nature of this email are present with the generic “Real estate agency” in the signature. 



 

9. The Tax Communication


Practically everyone has annual taxes to submit. That’s why this phishing attempt is so popular. The message states that you are either eligible to receive a tax refund, or you have been selected to be audited. It then requests that you submit a tax refund request or tax form. Always check with Inland Revenue by giving them a call if you receive any email requiring action.

10. The Check-up


This is one of the more unassuming phishing email attempts. It claims [company name] is conducting a routine security procedure and requests you verify your account by providing information. This scam is especially effective if you happen to be a customer of the named business.




https://competenz.freshservice.com/support/solutions/articles/5000079024