Cyber criminals have many weapons nowadays, from ransomware and malware to cryptojacking and more. But the most common attack that you’ll receive is a phishing email, and almost everyone can recall a time when they’ve received one.

The worst phishing emails are easy to identify, and most people will just ignore them. But cyber criminals are getting smarter and their tools are getting more convincing and easier to fall for.

In fact, a hacker can infect your email account with ransomware in just seconds!

Most cyber attacks happen through phishing attacks, so we compiled a list of the most sophisticated phishing emails we’ve come across:

Here Are 6 Sophisticated Phishing Emails and Why You’ll Fall For Them:

1. Google Sign-In Imitation Emails

Why This Will Trick You:
Google is very secure, and they validate any time your email is used to log in from an unknown device or unusual location. Most social media networks like Facebook, LinkedIn, Instagram, etc. have this security feature as well, so most users have received an email like this every once in a while.

An attacker can send this fake email to you, playing on the fact that you might be more cautious than others with your security. You’re baited into clicking the link for more details, and just like that, you’ve been compromised!

How to Avoid Being Tricked:

Cyber criminals can’t use Google’s actual email, so they’re most likely sending from a fake/dummy email address like noreply@googel.ITsecurity.net (I made that up on the spot). Always be sure to check that the sending email address is actually from the expected source!

It’s always important that you hover over any links before you click them. When you hover over a link, you’ll see the URL in the bottom left-hand side of your display. It will show you the true destination that the link will send you to.

This email is very impersonal, meaning your name, account number, email, etc. aren’t anywhere in the email. Google will always include some personalization in their emails to prove their validity.

2. Charity Donation for You

Why This Will Trick You:

Doris Buffett is a true philanthropist – so the email is not lying. There are several versions of this phishing email that get sent around. The look and feel of the email suggest that it’s real. It plays off the human emotions of greed and gullibility, and is designed to get you to click the link and engage with them in conversation.

The link is tricky, because the hacker made it look like you could see the full link without hovering. Once you click the link, you’re taken to a malicious website.

Responding to the email doesn’t cause immediate harm, but it will show the cyber criminal that you’re gullible and susceptible to well-crafted phishing emails, and you can bet that you’ll receive many more in the future.

How to Avoid Being Tricked:

Like the first example, this phishing email is very impersonal (without even a salutation) and has very little information. A skeptic would ask: “Why did Doris Buffett pick me? What is her ‘large private foundation’ that they couldn’t specify?”

Using the hovering trick over the link ‘Peggy’ provided, you’ll be sure to see a different URL than what it says it is.

3. Netflix’s Membership Reset

Why This Will Trick You:

If you’re a regular user of Netflix (I certainly am), this will surely come as a shock, and you’ll most likely click on one of the links in the email. This email is also crafted like a smart marketing email – with a clear call to action that catches your attention and entices you to click on it. Really, it makes it seem so easy to restart your membership, like all you have to do is click.

It’s not hard to imitate marketing emails from different companies, especially if you’ve seen the emails yourself. All it takes is a hacker with a bit of HTML experience, and they can craft phishing emails that look nearly identical to the company’s real emails.

How to Avoid Being Tricked:

When you get unexpected emails from companies claiming that you’ve cancelled your subscription/membership, your account has been locked, etc., it’s always good to take into consideration the validity of the sender and any links before believing that it’s true.

Emails like these are required by law to have an ‘Unsubscribe’ option. If you can’t find that option anywhere, chances are that it’s a scam trying to trick you.

4. Bonus Decrease From Your HR Department

Why It Will Trick You:

Cyber criminals in this scenario are playing off an idea that the biggest news companies have known for years: negativity sells. This means that you’re more likely to click on a link if it’s something negative, rather than positive.

Everyone at the company would be disappointed to know that their bonuses are decreasing at the end of the year, especially if you thought the work you’ve been doing deserved more attention.

Little research would be needed to personalize this email to your company’s HR director. A simple social media search, or even a browse through your company’s website, can give the hacker enough information to create a personalized plan of attack.

How to Avoid Being Tricked:

Social engineering attacks like this happen all the time. It’s so easy to impersonate one of your company’s employees simply by searching through your website or social media. A lot of the time, companies have their emails listed on their websites, which makes it extremely easy for a hacker to make a fake email address almost identical to a real one.

When receiving a social engineering attack like this, make sure you always check the validity first. Give a call to the person the email is claiming to be from. It’s so easy to be tricked in an email, and that’s why it’s always a good idea to check with the source directly.

5. New Company Benefits From Your HR Department

Why It Will Trick You:

Who doesn’t love more benefits from your company? The cyber criminals know this and are using an employee’s excitement against them.

Like the Netflix example above, this has a clear call to action button that is enticing to click. It’s clear what the email wants you to do: View Policy. It only takes one eager employee to click that blue button and infect all the computers on that network.

How To Avoid Being Tricked:

You’ve heard it several times throughout this article, because it’s such an important part of your safety: double check the sender’s email address, and hover over any links/buttons that are in the email.

Realistically, if your HR department is emailing you about new policy changes, it’ll be sent to multiple people throughout your company or department. It’s easy to check with your next door neighbour and ask if they got the same thing as you did.

It’s also possible that the cyber criminals sent a mass email to your whole company. In this case, contact your HR department through a separate email thread asking about the new benefits.

6. New IT Policy Starting Next Month

Why It Will Trick You:

This is a well-crafted social engineering phishing email. The cyber criminal did his research, knowing what the IT Director’s email signature would look like. The call to action link stands out, making it clear what the criminal is looking for you to do.

Once you click the link, it’s possible you’ll be tricked into signing a document without looking it over, downloading malicious software, or whatever the cyber criminal wishes.

This email can be very well timed, because a due date is clear: you’ll have to review and sign the document before April. If an attacker is sending this out in the later days of March, recipients will be more inclined to rush in, to click any links and to sign documents without thinking about the potential risks.

How To Tell It’s Phishing:

Like many phishing emails, there are a bunch of spelling mistakes, and those are signs of a scam. Think: how many times do you re-read your work emails before sending them off, making sure there are no spelling or grammatical mistakes?

Cyber criminals tend to write with poor English. There are a lot of cases where hackers are sending phishing emails from foreign countries, where English may not be their first language. Other times, hackers are being sloppy, because they know that it only takes 1 person to fall for the scam. They don’t need to have perfect English if 1 person will fall for their mistake-filled emails. Reviewing the grammar and spelling mistakes of an email is essential to validating the safety of an email.