Common Phishing Attacks

Phishing is one way that identity thieves, scammers and fraudsters steal information. They do this through the use of social engineering or deception. The goal is to trick you into divulging confidential or personal information which can then be used for fraudulent purposes, like identity theft.

6 common phishing attacks to be aware of, by Infosec Institute:

ACCOUNT VERIFICATION
  • Appears to come from a well-known company like Netflix and asks you to sign in and correct an issue with your account
  • Link points to a website pretending to be a company’s legitimate site and asks for your login credentials
  • TIP: Do not click any links in the email — directly log in to your account by typing the address into your web browser. If you are unable to log in, contact the service using official contact information.
CLOUD FILE SHARING
  • Contains a link to what appears to be a shared file on Google Docs, Dropbox or another file-sharing site
  • Link points to a page pretending to be a file-sharing site and requests you log in
  • TIP: Do not click any links in the email. Instead, log in to your account and find the shared file by name. Remember to verify sender identity and use established cloud file-sharing services.
DOCUSIGN
  • Comes from a domain similar to the DocuSign domain
  • Link will prompt you to sign in to view the document, giving attackers control of your inbox
  • TIP: DocuSign never attaches items to email — attachments are likely malicious. Instead, access documents directly at www.docusign.com.
FAKE INVOICE
  • Contains a document presented as an unpaid invoice and claims service will be terminated if invoice is not paid
  • Targets individuals (by pretending to be a retailer) or businesses (by impersonating a vendor or supplier)
  • TIP: Do not reply to the email. Contact the vendor/service directly using official contact information before submitting payment.
DELIVERY NOTIFICATION
  • Appears to come from a popular delivery service (FedEx, UPS, etc.) or online retailer and includes a delivery notification with a malicious link or attachment
  • TIP: Do not click links or open attachments in unexpected delivery notifications. Instead, visit the delivery service’s official website and enter the tracking information, or call the delivery service’s official phone number.
TAX SCAM
  • Appears to come from a government tax revenue agency (e.g., IRS in the U.S.)
  • Claims you are delinquent on your taxes and provides a means to fix the issue before additional fines or legal actions are pursued
  • TIP: Never share personal or financial information via email. Only use official communication channels to contact revenue agencies.