Popular Types Of Phishing Emails

Uploaded on 2020-06-12 in TECHNOLOGY--Hackers, FREE TO VIEW

In early 2020,  cloud security expert, Wandera, revealed in its Mobile Threat Landscape Report that a new phishing campaig is launched every 20 seconds. That means three additional phishing sites designed to target users in every minute. 

However, this number no longer applies during COVID-19 times. Phishing has seen a rapid increase starting from when the pandemic went global during the first quarter of 2020. According to security firm Barracuda Networks, there was a 667% spike in email phishing attacks in March 2020 due to coronavirus fears. This new data reveals how cybercriminals are taking advantage of the people’s concerns due to the pandemic. 

This increase in phishing scams is not unique to corona-related attacks alone. There has also been an increase in invoice scams and credential theft as the whole world switches to work-from-home arrangements. 

The best way to guard against phishing scams is early detection. Being able to determine a phishing email from a legitimate email helps a lot in preventing the nasty consequences of phishing campaigns, including data theft, malware infection, money theft, and others. Protecting your privacy by using a VPN also minimizes your chance of being targeted by phishing attacks. 

To understand more about the enemy, we’ve gathered the latest and most widely-used phishing tactics in 2020. We’ve listed their characteristics and how to recognize each of them. 

Scam #1: Corona-related phishing attacks

As mentioned above, the most popular phishing strategy right now piggybacks on the public’s fear of the coronavirus. In March alone, Barracuda has detected 9,116 COVID-19-related attacks, which represents 2% of the total 467,825 spear-phishing email attacks detected for that month alone. 

There are three main types of attacks that use the coronavirus as the hook: scamming, brand impersonation, and business email compromise. Some of the scams you need to watch out for include fake corona cures, face masks, donation requests for companies that claim to be developing vaccines, and fake charities. Some scams even claim to be from the World Health Organization, asking for donations through Bitcoin. 

Aside from scams, attackers also deploy malware through phishing emails. Some of the well-known malware related to COVID-19 are Emotet, a popular banking Trojan, the Ursnif banking Trojan, the Fareit information stealer, the COVID-19 ransomware, Azorult, NetWalker, Nanocore RAT, and the Hancitor trojan.

Scam #2: Invoice phishing scams

With so many people forced to work at home because of the pandemic, most of the business transactions are done online, including financial processes such as payroll and invoicing. As a result, attackers who specialize in invoice phishing scams have more victims to target. This type of phishing involves sending a payment reminder to a vendor, brand, and even individuals, letting the receiver know that an important invoice is attached. Clicking the invoice could either redirect the user to a phishing website where he or she is directed to pay the invoice or a malware/ransomware could be downloaded to the victim’s computer. 

Scam #3: Update payment alerts

Aside from invoice phishing, update payment alerts are also common nowadays. No one would want to suffer from a service outage, especially during this crisis. This is what makes update payment scams so effective. Imagine getting an email about your internet company terminating your connection if you’re not updated with your payments or receiving an email from Netflix temporarily restricting your account until your balance has been paid off. In the time of the COVID-19 pandemic, nothing could be scarier than having no internet or Netflix. 

And hackers are feeding on the people’s dependence on these services to gain money. They usually send an email stating that there is a problem with your credit card or there is an issue with your payment, asking you to log in and update your payment details. Some attackers go as far as hacking the company and identify the employee responsible for managing accounts like these. 

Scam #4: Security Alerts

This type of phishing scam never gets olds. In fact, it is a daily occurrence. But getting security alerts from banks, email providers, and cloud services companies can be troubling, especially since the emails are becoming more sophisticated in their imitation of legitimate companies. These phishing emails actually look very real and something that users have seen before. Common security alerts include expiring password warnings, suspicious activity detected, suspicious logins, and others. When the user clicks the link, the victims are actually compromising their privacy instead of protecting it.

How to Protect Against Phishing Scams

Your first defense against scams like these is to be aware that they exist. By being aware, you’ll be more vigilant when you open your emails. Here are some ways to determine the authenticity of the emails you receive:

  • Check the sender’s email. Compare the email address with the previous emails you received from that business or company. If the domain extension is different, then that’s probably a scam. 
  • Use a reliable VPN to help you stay anonymous online. This will minimize the personal information that hackers can collect from you that can be used for phishing. Check out VPN review sites, such as VPN Watch, where you can find a top security solution for your needs.
  • Don’t click on links or attachments without verifying the authenticity of the email. If you have other contact details of the sender, confirm with him or her about the email you received. 
  • Check the grammar. Professional emails from businesses and companies undergo proofreading to make sure that it looks and sounds professional. If it sounds like it was churned out by a translating machine, then be suspicious. 
  • Do not log into your account by clicking on the link. Open a separate browser and visit your account from there to verify if there have been any changes. 

And what do you do if you get a phishing email? Delete them. 

By April Reyes 

You Might Also Read: 

All Employees Need This Effective New Training Tool:

 

 

« Five Ways Automation Can Help Fix The Cybersecurity Skills Shortage
Attacks On Anti-Racism Sites Surge »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

RiskSense

RiskSense

RiskSense empowers enterprises and governments to reveal cyber risk, quickly orchestrate remediation, and monitor the results.

PhishLabs

PhishLabs

PhishLabs provides 24/7 services that help organizations protect against the cyberattacks targeting their employees, their customers and their brands.

Backup112

Backup112

Backup112 has been delivering professional cloud backup services since 2004.

Protection Group International (PGI)

Protection Group International (PGI)

PGI helps organisations and governments to manage digital risk. From cyber security services to business intelligence, we help reduce the risks to your finances, reputation, assets and people.

TokenOne

TokenOne

TokenOne is a Cyber Security software company that makes it easy to replace passwords, tokens and other forms of authentication with a more secure solution.

Kippeo Technologies

Kippeo Technologies

Kippeo is a security systems integrator providing innovative solutions that look at all the parameters and connect all the dots.

MagiQ Technologies

MagiQ Technologies

MagiQ produced the world’s first commercial quantum cryptography product that delivered advanced, future-proof network security.

FirstWave Cloud Technology

FirstWave Cloud Technology

FirstWave Cloud Technology is a global cyber security company which has been delivering Cybersecurity-as-a-service solutions to the market since 2004.

Iconium Software

Iconium Software

DataLenz by Iconium offers continuous and real-time tracking of your data assets delivering you the tools you need to successfully reach and maintain your target security standards.

Zuul IoT

Zuul IoT

Zuul take an asset-centric approach to OT security, enabling security teams to protect the critical IIoT/IoT devices that are at the foundation of critical business functions.

Quantum eMotion (QeM)

Quantum eMotion (QeM)

Quantum eMotion is a Montreal-based advanced developer leading the way towards a new generation of quantum-safe encryption for the quantum computing age.

Data Pie Cybersecurity

Data Pie Cybersecurity

The Data Pie Cybersecurity Consulting offers a 360° around protection for your IT security. Security awareness solutions and consulting.

ITRM

ITRM

ITRM are one of the UK’s top managed service providers and offer a range of award-winning IT solutions, from ad-hoc consultancy to cyber security.

Backslash Security

Backslash Security

With Backslash, AppSec teams gain visibility into critical risks in their apps based on reachability and exploitability.

Blue Mantis

Blue Mantis

Blue Mantis is a security-first, IT solutions and services provider with a 30+ year history of successfully helping clients achieve business modernization.

Shepherd

Shepherd

Shepherd's mission is to empower IT teams with solutions that simplify endpoint management, enhance security, and adapt to the evolving complexities of modern work environments.