Phishing Email Examples

Uploaded by

mutigaryan

PHISHING EMAIL EXAMPLES

One of the best ways to avoid getting tricked into a bad click on a phishing email is to know
the common red flags of this type of attack. While not every email will include obvious
markers -- and some are much more sophisticated than others -- it's beneficial to be aware
of the most common signals.

Below we review 4 different examples, highlighting the red flags contained within the
different messages. Take a look.

DROPBOX PHISHING EMAIL:

Suspicious Sender Name/Domain Name

TIP: Do a search! A quick internet search confirms that "dropbox" and "dropboxmail" are the
only legitimate Dropbox domains ever used in their emails.

Not Personalized to the Recipient

Vague Body Copy

TIP: Even if you feel that this may be a legitimate document share, close this email and
navigate on your own to your Dropbox account. Log into the site at the known URL and check
from there for any new documents.

O365 PHISHING EMAIL:

Suspicious Sender Name/Domain Name

TIP: It's important to carefully review the sender's name, as even minor differences can be
a signal of a spoofed email. For example, using "Microsoft.com" as the sender's name instead
of just Microsoft.

Not Personalized to the Recipient ("Dear user")

Awkward phrasing in body copy (see underlined sections)

There is an attempt to create a sense of urgency, by indicating that this is required.

This URL is suspect due to the lengthy text after "login.microsoftonline.com".

TIP: Best practice is to avoid following links in unverified or unsolicited emails. If you
must check the claim in an email, stay in control of where you land by navigating on your
own to your Office 365 account.

UPS SHIPMENT NOTIFICATION PHISHING EMAIL:

Sender Name/Email Domain Not a Match

TIP: Always keep your anti-spam filters up-to-date. This will filter out those emails that
have been flagged already, keeping your inbox free and avoiding any accidental clicks.

The fact that I didn't order anything and am not expecting anything is a red flag.

Most end-users who are cyber aware will spot this as an obvious phishing attempt; but simple
curiosity will entice some users to click to find out what they're getting.

TIP: Understand social engineering tactics and how they are being used to target you. When
you can recognize the psychological tricks, you can avoid becoming a victim.

OVERDUE INVOICE PHISHING EMAIL:

Vague sender name / unknown domain

TIP: Having established SOPs around any financial transactions can save your business from
falling victim to the many phishing and spear phishing scams out there. Recommended best
practice is to always verify a request to transfer funds directly with the person the email
appears to be from.

The signature is listed as an email and that email differs from the sender, as does the
domain name.

The body copy is intentionally vague and attempts to create concern by referencing an
invoice as "way past due". This is designed to get an emotional reaction by the recipient,
who will click out of concern that there is a problem with one of their accounts.

TIP: A cautious end-user is your best defense against phishing emails. If there is anything
at all about an email that seems odd or "off", trust your gut. Even emails that appear to be
from a known source should be carefully evaluated.
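
Several of the red flags reviewed above (a sender name written as a domain, a "Dear user" greeting, a link with extra text after "login.microsoftonline.com", a signature address that differs from the sender) can also be checked mechanically by a mail filter or triage script. The Python below is an added example, not part of the original document; the allowlist with its .com spellings, the function and flag names, and the sample message are assumptions constructed for illustration, and it reads "lengthy text" as a hostname that does not end in the trusted domain.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumed allowlist: the names the document cites, spelled here as .com domains.
TRUSTED = {"dropbox.com", "dropboxmail.com", "microsoftonline.com"}

def host_in(host, domains):
    """True if host equals, or is a subdomain of, one of the domains."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def red_flags(raw):
    """Return red-flag labels for a single-part, plain-text message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender_dom = addr.rpartition("@")[2].lower()
    body = msg.get_payload()
    flags = []
    # Sender name written as a domain that the sending address is not part of.
    name = name.strip().lower()
    if re.fullmatch(r"[\w-]+(\.[\w-]+)+", name) and not host_in(sender_dom, {name}):
        flags.append("display-name-domain-mismatch")
    # Greeting that is not personalized to the recipient.
    if re.search(r"^\s*dear (user|customer|client)\b", body, re.I | re.M):
        flags.append("generic-greeting")
    # Link that mentions a trusted name, but whose hostname does not end in it.
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        host = (urlsplit(url).hostname or "").lower()
        if any(d in url.lower() for d in TRUSTED) and not host_in(host, TRUSTED):
            flags.append("lookalike-link:" + host)
    # Address in the body or signature on a different domain than the sender.
    for dom in re.findall(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)", body):
        if dom.lower() != sender_dom:
            flags.append("signature-domain-mismatch:" + dom.lower())
    return flags

# Constructed sample message (not taken from the document).
SAMPLE = """\
From: "Microsoft.com" <notice@mail-secure.example>

Dear user,
You are required to validate your mailbox today:
http://login.microsoftonline.com.account-verify.example/common/login?id=123
Regards, billing@other-sender.example
"""

if __name__ == "__main__":
    print("\n".join(red_flags(SAMPLE)))
```

A message with no flags is not thereby safe; these checks only automate the markers the examples above point out.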
