By George Mack, Content Marketing Manager, Check Point.

Did you know that 91% of all cyber attacks begin with a phishing email?

Email phishing scams are becoming increasingly common, and for good reason. Phishing emails manipulate our emotions by using techniques such as urgency, fear, and anxiety.

Humans can fall for these deceitful tricks, but machines cannot. Thus, humans are often the weakest link when it comes to cyber security.

Phishing scams involve sending malicious emails to unsuspecting victims in an attempt to steal personal information or money. The emails often appear to be from legitimate sources, such as banks or other financial institutions, and they often contain links to malicious websites or attachments that can install malware on the victim’s computer.

The scammer’s goal is to trick the victim into providing sensitive information, such as passwords or credit card numbers, or to get the victim to transfer money to the scammer’s account. It is important to be aware of email phishing scams and to take steps to protect yourself from becoming a victim.

In this article, we will review six examples of common email phishing scams and how to identify them.

Example #1: Deceptive phishing

Deceptive phishing is the most common type of email phishing scam. This occurs when scammers impersonate a real organization to steal the victim’s personal details or account credentials.

Deceptive phishing employs a variety of techniques, such as:

  • Modifying brand logos – there are email filters that can spot when threat actors steal an organization’s logo and incorporate it into their email or phishing page. The filter does this by scanning the logo’s HTML code. However, threat actors evade this by altering the HTML attributes.
  • Incorporating legitimate URLs – To evade detection, attackers can incorporate legitimate links and contact information.
  • Disguising malicious code in clean code – When creating a phishing landing page, threat actors will copy legitimate CSS and JavaScript of a real login page, while injecting malicious code, to steal user credentials.

Below is an example of a phishing email pretending to come from the NSA, with a target audience of anyone who has a mobile Apple device.

National Security Agency phishing email content 2023
Figure 1: Example of a deceptive email

Example #2: Spear phishing

Spear phishing attacks are emails sent to a single individual, but they’re crafted with exceptional attention to detail – including details such as the individual’s address, date of birth, names of family members and friends, and more. Threat actors often acquire this information from social media or other directories.

Cyber criminals usually use spear phishing attacks to target individuals in an organization.

Below is an example of a spear phishing email that mentions specific details, such as the employee’s boss and the fact that the target is traveling to a convention in New York – a detail which could have been retrieved from social media.

Spearphishing example 2023
Figure 2: Example of a spear phishing email

Example #3: Whaling

While an ordinary phishing attack involves blasting emails to a large number of individuals, whaling attacks are targeted at high-ranking individuals. The difference between a whaling and spear phishing attack is that spear phishing attacks typically go after individuals with a lower profile.

Whaling attacks commonly go after CEOs or pretend to be the CEO to deceive other high-ranking members of a company, like the CFO, CISO, or head of PR.

In 2016, Snapchat fell victim to a whaling attack when a high-ranking member of the company was deceived by an email pretending to come from the CEO. The employee revealed employee payroll information, and as a result, the company reported the event to the FBI and provided their employees with free identity theft insurance for two years.

Example #4: Man-in-the-Middle Attack

A man-in-the-middle email attack deceives two people into thinking they’re sending each other emails, when in reality, they’re not. The hacker is in the middle, emailing bait to the victims to deceive them into sharing sensitive information or potentially installing malware.

Here’s an example of a phishing attack that used a man-in-the-middle technique to bypass MFA.

“Microsoft observed a campaign that inserted an attacker-controlled proxy site between the account users and the work server they attempted to log into. When the user entered a password into the proxy site, the proxy site sent it to the real server and then relayed the real server’s response back to the user. Once the authentication was completed, the threat actor stole the session cookie that the legitimate site sent, so the user doesn’t need to be reauthenticated at every new page visited. The campaign began with a phishing email with an HTML attachment leading to the proxy server,” stated Ars Technica.

Example #5: Clone phishing

A clone phishing attack uses an existing or previously distributed email containing attachments or links – in order to gain the target’s trust. In the cloned email, these elements are replaced with malicious elements such as ransomware, viruses, or spyware.

Example of a clone phishing email from Amazon 2023
Figure 3: Example of a clone phishing email from Amazon (Check Point)

Example #6: Domain spoofing

Domain spoofing, or DNS spoofing, occurs when threat actors impersonate a real business or company with a fake website or email to trick people into divulging sensitive information.

For example, the domain may appear to be legitimate, but on closer inspection, the hacker uses Unicode instead of ASCII. Users who click on the link land on a phishing website.

In conclusion, email phishing attacks are serious threats to individuals and organizations alike. It is important to be aware of the risks and to take preventive steps to protect yourself, such as remaining aware of suspicious emails and links, not clicking on unknown links, and using strong passwords. It is also important to be aware of the latest phishing techniques and to be vigilant in monitoring any suspicious activity on your accounts. By taking these precautions, individuals and organizations can protect themselves from the vast majority of cyber attacks.

Would you like more in-depth phishing analyses? Join us at the most exciting and inspiring cyber security industry event of the year, CPX 360.

Lastly, to receive cutting-edge cyber security news, best practices and resources in your inbox each week, please sign up for the CyberTalk.org newsletter.