What is a phishing message? A phishing message is a deceptive communication designed to trick the recipient into revealing sensitive information, such as login credentials, credit card details, or personal identification. These messages often appear to come from trusted entities, such as banks, social media platforms, or government agencies.
Email Phishing Examples
1. Bank Account Security Alert
Subject: “Unauthorized Login Attempt Detected!”
Message:
Dear Customer,
We noticed an unauthorized attempt to access your account. To secure your account, please verify your identity immediately. Failure to act within 24 hours will result in account suspension.
[Verify Now]
Sincerely,
Bank Security Team
Red Flags:
- Creates urgency (e.g., “24 hours to act”).
- The link leads to a fake website.
- Generic greeting (“Dear Customer”).
2. PayPal Payment Issue
Subject: “Payment Declined: Update Your Information”
Message:
Dear User,
Your recent transaction could not be processed. Please update your payment details to resolve this issue.
[Update Payment Information]
Thank you,
PayPal Support
Red Flags:
- Claims a payment issue.
- Uses a fake link that resembles the PayPal website.
3. Subscription Renewal Scam
Subject: “Your Netflix Subscription is Expiring!”
Message:
Hi [Name],
We couldn’t process your payment for your Netflix subscription. Please update your payment method to continue enjoying our service.
[Update Account]
The Netflix Team
Red Flags:
- Fake Netflix branding.
- Link redirects to a phishing site.
4. Tax Refund Notification
Subject: “Claim Your Tax Refund”
Message:
Dear Taxpayer,
You are eligible for a tax refund of $1,256. Please complete the refund claim form to receive your payment.
[Claim Refund Now]
Regards,
IRS
Red Flags:
- Government agencies don’t communicate refunds this way.
- URL is not from an official IRS domain.
SMS Phishing (Smishing) Examples
1. Bank Fraud Alert
Message:
“Chase Bank: We detected suspicious activity on your account. Verify now: [malicious-link].”
Red Flags:
- Fake link.
- Banks don’t request sensitive information via text message.
2. Package Delivery Scam
Message:
“FedEx: Your package is awaiting delivery confirmation. Confirm your details here: [malicious-link].”
Red Flags:
- Unsolicited package update.
- Fake tracking link.
3. Phone Carrier Scam
Message:
“AT&T: Your bill payment was declined. Resolve now to avoid service suspension: [malicious-link].”
Red Flags:
- Pressure tactics (e.g., “Avoid suspension”).
- Fake link.
Voice Phishing (Vishing) Examples
1. Bank Impersonation Call
“Hello, this is John from your bank. We noticed suspicious transactions in your account. Please verify your debit card number to secure your funds.”
Red Flags:
- Banks don’t ask for card numbers over the phone.
- The caller uses fear tactics.
2. Government Impersonation Call
“This is Officer Mark from the IRS. You have unpaid taxes, and we’ve issued a warrant for your arrest. Resolve it now by providing your Social Security Number and making a payment.”
Red Flags:
- Threatens arrest or legal action.
- IRS does not demand payments via phone calls.
3. Tech Support Scam
“Hello, this is Microsoft. We’ve detected malware on your computer. Please provide remote access so we can fix it for you.”
Red Flags:
- Unsolicited calls from tech companies.
- Requests for remote access.
Social Media Phishing Examples
1. Fake Giveaway
“Congratulations! You’ve won a free iPhone! Click here to claim your prize: [malicious-link].”
Red Flags:
- Too good to be true.
- The link leads to a phishing site.
2. Account Compromise Warning
“Your Instagram account is at risk of being deleted. Secure your account here: [malicious-link].”
Red Flags:
- Instagram doesn’t send such messages via DMs.
- Fake link.
3. Fake Friend Message
“Hey, is this your photo? [malicious-link].”
Red Flags:
- Plays on curiosity.
- The link leads to malware or phishing sites.
Corporate Phishing Examples
1. Fake IT Department Email
Subject: “Password Expiration Notice”
Message:
Dear Employee,
Your password is set to expire today. Click below to reset it immediately.
[Reset Password]
IT Support
Red Flags:
- Unsolicited password reset request.
- The link redirects to a fake login page.
2. Fake HR Email
Subject: “Annual Bonus Update”
Message:
Dear [Name],
Congratulations! You’ve qualified for the annual bonus. Click below to view your bonus details:
[View Bonus]
Regards,
HR Department
Red Flags:
- Unexpected bonus announcement.
- Fake link.
3. Fake Vendor Invoice
Subject: “Outstanding Invoice – Payment Due”
Message:
Dear [Name],
Please find the attached invoice for your recent purchase. Kindly make the payment at the earliest to avoid penalties.
[View Invoice]
Regards,
[Fake Vendor Name]
Red Flags:
- The attachment contains malware.
- Pressure to act immediately.
Phishing Through Fake Websites
1. Fake Banking Login
A website mimicking your bank’s login page asks for your username, password, and a one-time PIN.
Red Flags:
- URL is slightly altered (e.g., “bank-login-secure.com” instead of “bank.com”).
2. Fake E-commerce Site
A website offering deals that are too good to be true, asking for credit card details at checkout.
Red Flags:
- URL doesn’t match the official retailer.
- Unrealistic discounts.
These examples reflect authentic phishing attacks seen in real-world cybercrime. Always verify suspicious communications before responding or clicking any links.
How to identify and avoid phishing messages
- Hover over links: Before clicking, hover your mouse over the link to see the actual URL. Legitimate websites will have URLs that match the sender’s domain.
- Check for typos and grammatical errors: Phishing messages often contain errors in spelling and grammar.
- Be wary of urgent requests: Legitimate companies rarely send urgent requests for personal information via email.
- Don’t click on links or open attachments from unknown senders.
- Verify the sender’s email address: Look closely at the sender’s email address. Phishers often use slightly altered addresses to mimic legitimate ones.
If you suspect you may have received a phishing message, do not click on any links or open any attachments. You can report the message to the appropriate authorities.
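The hover, sender-address and urgency checks from the list above, automated as an added example (not code from the original article): it parses a message, compares each link's real destination with the sender's domain and with the URL shown in the link text, and flags urgency wording. The function names, the urgency word list and the two-label domain comparison are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

URGENCY = re.compile(r"\b(immediately|within \d+ hours|suspen\w+|expir\w+|verify now)\b", re.I)

class LinkCollector(HTMLParser):  # gathers [href, visible text] for each <a>
    def __init__(self):
        super().__init__()
        self.links, self.in_a = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.in_a = True
            self.links.append([dict(attrs).get("href") or "", ""])
    def handle_endtag(self, tag):
        self.in_a = self.in_a and tag != "a"
    def handle_data(self, data):
        if self.in_a:
            self.links[-1][1] += data

def base_domain(host):
    # Assumption: last two labels approximate the registrable domain; real tooling should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def red_flags(raw_email):
    msg = message_from_string(raw_email)
    sender = base_domain(parseaddr(msg["From"])[1].rpartition("@")[2])
    body = msg.get_payload()
    flags = ["urgency"] if URGENCY.search(f'{msg["Subject"]} {body}') else []
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        target = base_domain(urlparse(href).hostname or "")
        if target != sender:  # "verify the sender" vs. where the link really goes
            flags.append(f"link-domain-mismatch:{target}")
        shown = re.search(r"(?:https?://)?([\w.-]+\.[a-z]{2,})", text, re.I)
        if shown and base_domain(shown.group(1)) != target:  # what hovering reveals
            flags.append(f"display-text-mismatch:{shown.group(1)}")
    return flags

# Constructed sample (not a captured message), reusing the page's example domains.
SAMPLE = """From: Bank Security Team <alerts@bank.com>
Subject: Unauthorized Login Attempt Detected!

<p>Dear Customer, verify your identity immediately.</p>
<a href="http://bank-login-secure.com/verify">https://www.bank.com/verify</a>
"""
print(red_flags(SAMPLE))
```

A mismatch is a signal for closer review rather than a verdict: the From header can be forged, and legitimate senders sometimes route links through third-party tracking domains.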