In today’s online world, common phishing scams are a rising menace, threatening the security and privacy of individuals and organizations alike. Phishing is no longer an occasional issue but a widespread problem with significant financial fallout.
The FBI’s Internet Crime Complaint Center (IC3) received 300,497 reports of phishing in 2022, making it the top internet crime by the number of reports. This led to losses of around $52 million.
Its top position and the severe financial damages highlight the crucial need for understanding and combating these cyberthreats.
This article explores various phishing attacks – each with its distinct characteristics but all with malicious intent. Knowing the inner workings of these scams and following the advised preventive steps is essential to safely navigate the digital space and minimize financial losses.
9 Popular Phishing Scams
9. Email Phishing
Email phishing is a scam where online fraudsters pretend to be trusted organizations to trick people into giving away private details like passwords or credit card numbers. They often try to rush or scare their targets into acting without thinking. This is one of the most common phishing scams out there.
A usual trick is the fake bank email, where scammers send messages pretending to be from a bank, asking the receiver to update their account info or risk having their account shut down. Tax scams are also common, especially during tax season, with fake emails posing as tax agencies to fool people into sharing personal or financial information.
Being able to spot phishing emails is crucial. Here are some simple tips:
- Watch out for general greetings since most phishing emails won’t use your real name.
- Look for spelling and grammar errors, which can be warning signs. However, scammers are now using artificial intelligence (AI) like ChatGPT to draft their emails, which is why errors are becoming less common.
- Hover over any links before clicking to see where they go. Trustworthy organizations will also usually have secure HTTPS websites.
- Beware of emails that try to rush you or scare you into action.
- Make sure your email software’s anti-phishing tools are turned on and updated.
Phishing Email Examples
Here are a couple of examples of phishing emails – from my very own spam folder. You can see they contain all the hallmarks of phishing emails – general greetings and errors, along with a sense of rushing you to engage with them.
8. Spear Phishing
Spear phishing is a type of online scam where tricksters tailor their fake messages to a specific person or group. Unlike common phishing scams, spear phishing takes a lot of homework to make the con look real.
In spear phishing, scammers dig up information about their target, like their name, job title, and who they work with, to make believable messages. For instance, they might pretend to be a coworker or a supplier and send an email asking the target to share sensitive information or click on a harmful link.
Here are some easy steps to guard against spear phishing:
- Be wary of unexpected messages, especially those that seem urgent.
- If you get an unexpected request for sensitive info, double-check by reaching out to the requester through a known, different way of communication.
- Use email filters that can help spot and separate potential spear phishing emails.
- Hold regular training sessions to teach employees or family members how to spot spear phishing tries.
- Keep your software and systems up to date to fix security weak spots that spear phishers could take advantage of.
Spear Phishing Example
In July 2020, Twitter faced a serious spear phishing attack where scammers tricked its employees into gaining control over some famous accounts, like those of Barack Obama, Joe Biden, and Elon Musk, among others. Using a method called phone spear phishing, they got access to Twitter’s internal tools. They then used these high-profile accounts to spread a Bitcoin (BTC) scam.
7. Clone Phishing
Clone phishing is when scammers copy a real email you’ve received before but change the links or attachments to harmful ones. They then resend this fake email, pretending to be someone you trust, like your bank or a colleague.
For instance, they might copy an email from your bank about updating your account but change the link to a fake website where they can steal your login details. Or, they might resend an email from a coworker sharing a document but replace the document with a harmful version.
Here’s how to stay safe from clone phishing:
- Be cautious with follow-up emails that come out of the blue, especially if they ask you to act quickly.
- Check the sender’s email address if something feels off about the email.
- Don’t click on links or download attachments in emails that seem suspicious. Go to the official website by typing it in your browser instead.
- Use email filters that can spot and block phishing emails.
- Keep your computer’s protection software updated to guard against harmful attacks.
Clone Phishing Example
A common clone phishing scam is one where fraudsters claim they shared a document with you from a sender you are familiar with. By having a coworker invite you to view a document, you’re more likely to click on it without even thinking about it.
Whaling is a sneaky online scam where hackers target big shots in companies, like CEOs or CFOs, to trick them into giving away sensitive company info. Unlike common phishing scams, whaling scams are tailored personally to the targeted executive and require a lot of prep work to look real.
The scammers aim for high-ranking people since they have access to the company’s valuable info. For example, a scammer might pretend to be a CEO, sending an email to the finance team telling them to transfer a large sum of money to a fake account. They often create a sense of rush to get a quick reaction without much thought.
To keep execs safe from whaling attacks, companies can:
- Use multi-step login processes for email accounts and sensitive systems to beef up security.
- Teach execs and workers about whaling and how to spot it, stressing the need to double-check unexpected money or info requests.
- Have a double-check system, like needing a phone call confirmation for wire transfers.
- Use smart email filters to catch and block scam emails, especially ones pretending to be from top execs.
- Keep security software up-to-date to fend off viruses and other online threats linked to whaling scams.
In 2015, a Mattel finance executive got an email, apparently from the new CEO, asking to pay $3 million to a vendor in China. She approved the payment but later found out the CEO hadn’t sent the email. This scam was part of a bigger trend where fraudsters copy real requests. Luckily, with aid from Chinese officials, Mattel got the money back after a bank holiday in China.
5. Vishing (Voice Phishing)
Vishing, short for Voice Phishing, is a scam where fraudsters call you pretending to be from real organizations like banks or government agencies to trick you into giving away private details such as bank account numbers or Social Security numbers. Unlike regular phishing, which happens through emails, vishing uses phone calls to deceive people.
Examples of vishing scams are callers pretending to be from your bank checking on suspicious charges or from the IRS saying you owe back taxes. They often try to rush or scare you into giving information or money over the phone.
Here’s how to stay safe from vishing scams:
- Be wary of unexpected calls, especially if the caller tries to scare you or rushes you.
- Never give out personal information on a call unless you made the call to a known, trusted number.
- If a call feels fishy, hang up and call back on an official number you find on your statement or the official website.
- Use caller ID apps that can spot and block scam calls.
- Report any vishing tries to local authorities and the Federal Trade Commission.
MGM and Caesars casinos in Las Vegas were hit by vishing attacks, where hackers made phone calls to the help desk to get login details and access the casinos’ systems. They then demanded ransom money. Caesars paid $15 million to resolve the issue quickly, but MGM didn’t pay and lost around $100 million from the attack.
4. Smishing (SMS Phishing)
Smishing, or SMS Phishing, is when scammers send text messages pretending to be from trusted sources to trick people into sharing private details like passwords or bank account numbers. Unlike the usual email scams, smishing hits you through text messages on your phone.
For example, you might get a text pretending to be from your bank asking you to confirm your account details or from a government agency with a link to claim a tax refund. These messages often rush you to act quickly without thinking.
Here’s how to stay safe from smishing scams:
- Watch out for texts from unknown numbers or messages that rush you.
- Don’t click on links or download things from suspicious texts.
- If a text asks for personal info, double-check by calling the official number of the organization.
- Use a good mobile security app to spot and block bad texts and links.
- Report weird text messages to your phone carrier and the Federal Trade Commission.
Below is an example of such a scam. As you can see, Apple Pay is spelled wrongly (as one word rather than two), and the link is very strange – it is nothing like other links for Apple support or products.
Pharming is a cyber scam where scammers reroute you from real websites to fake ones without you noticing. They mess with the Internet’s address book system to pull this off – corrupting the domain name system (DNS) that translates website names to IP addresses. Unlike common phishing scams, which trick you into clicking malicious links, pharming does the rerouting automatically, making it more dangerous.
In pharming, when a user enters the web address of a legitimate site, they are redirected to a fake version of the site. For instance, a user trying to access their bank’s website might be redirected to a fraudulent site that looks exactly like the bank’s site, where their login credentials can be stolen.
Here’s how to avoid pharming scams:
- Make sure the website’s address starts with HTTPS, which shows it’s secure.
- Keep your computer, browser, and security software up to date to fix security loopholes.
- Avoid using public Wi-Fi for sensitive transactions, as it’s easier for scammers to eavesdrop on these networks. If you need to do so, make sure to use a VPN.
- Use DNS security protocols like DNS Security Extensions (DNSSEC) to protect against DNS spoofing.
- Stay alert for any unusual website behavior or appearances, and tell your Internet service provider if you think you’ve stumbled upon a pharming scam.
In 2017, hackers targeted a Brazilian bank, rerouting its online customers to fake bank websites by altering the DNS registrations of the bank’s online properties. This redirection allowed them helped them steal personal login details. This attack hijacked the bank’s entire Internet footprint, showcasing a sinister use of pharming to commit large-scale fraud.
2. Quiz and Survey Scams
Quiz and survey scams are tricks when scammers make fake quizzes or surveys to steal your personal info or spread harmful software. They often lure people with the promise of prizes or interesting results.
Examples are quizzes claiming to tell you which celebrity you look like or surveys offering free gift cards if completed. But once you take part, they might ask for your personal details or make you download dangerous software, which can lead to identity theft or other fraudulent activities.
Here are some tips to avoid falling victim to quizzes and survey scams:
- Be wary of quizzes and surveys from sources you don’t know, especially if they promise big prizes.
- Avoid giving out personal details like your name, address, or financial info on any quiz or survey.
- Check the web address to make sure it’s from a trustworthy source, and look for HTTPS in the address for extra safety.
- Use security software on your devices to detect and block malicious activities.
- If a quiz or survey asks you to download something, that’s a bad sign. Stay away from it.
- Report any shady quizzes and surveys to the authorities to help stop others from getting scammed too.
Quiz and Survey Scams Example
In 2022, a scam targeting WhatsApp users offered fake Costco cash rewards for surveys, tricking victims into sharing personal data or downloading malicious apps.
Originating in Mexico and spreading across Latin America, this fraud exploited Costco’s “40th anniversary” with fake websites and reviews to seem credible. Scammers prompt sharing the scam link for a “prize,” further spreading the deceit and potentially installing malware or stealing sensitive information.
1. Tech Support Scams
Tech Support scams are schemes where scammers pretend to be helpful tech support agents from well-known companies to fool people into providing personal information or paying for unnecessary or non-existent tech support services. These scams prey on people’s lack of technical knowledge.
Examples include random calls or emails from people claiming to be from Microsoft or Apple, telling you there’s a fake problem with your computer and offering to fix it for a fee. They might ask to control your computer remotely, which can lead to harmful software being installed or your personal info being stolen.
Here’s how to steer clear of tech support scams:
- Be wary of unexpected calls or emails offering tech support, especially if they rush you.
- Never share your personal or financial details, and don’t let them control your computer if you didn’t ask for help.
- If you think a scammer has contacted you, hang up or delete the email, then call the real company directly using their official contact info.
- Keep your computer’s protection software updated to block harmful stuff.
- Learn about common tech support scam tricks and teach others, too.
- Report any tech support scams to local authorities and the Federal Trade Commission.
Tech Support Scams Example
A common tech support scam via e-mail is a suspicious activity notice. This is when scammers pretend to be from well-known companies, saying that there is unusual activity in your account and asking you to call or click on a link. They will then ask you for your information and record it.
Staying Safe from Common Phishing Scams: A Summary
Common phishing scams are a big problem, putting both individuals and companies at risk. As seen by the FBI’s staggering figures for 2022, these scams can cause a lot of financial damage, making it really important to understand and protect against them.
The article has broken down different types of phishing scams like email phishing, spear phishing, and others, explaining how they work and how to stay safe. Whether it’s being cautious with unexpected emails, keeping software updated, or double-checking requests for sensitive info, following these safety steps can help avoid falling for these scams and facing financial loss.
By being informed and careful, you can navigate the internet world safely.