Phishing season never seems to end. The digital outbreak of phishing attacks carries on as these scams become more refined and deceptive.
According to recent statistics, over 30% of all data breaches involve phishing in one way or another. Phishing scams come in many forms, but emails are most common.
Amazon is the second most frequently used brand, after Microsoft, that scammers rely on to lure their prey. The company’s name was used in a recent phishing scam.
Read below to find out more about it, as well as about other phishing schemes that have been going on, including online frauds involving Bitcoin exchanges and DocuSign cloud agreements.
Examples of Recent Phishing Attack Schemes
99% of the time, in the text of a phishing email, someone pretends to represent a popular brand, with the end goal to steal your money, your identity, or information about your company.
The latest study shows that 75% of organizations around the world experienced a phishing attack in 2020. Company phishing awareness may look good on paper, but reality proves that business and casual users alike still fall for phishing scams a great deal.
Here are some recent examples of phishing maneuvers:
Amazon’s ‘Cancel Your Order’ Trick
In the latest Amazon phishing scheme, cyber crooks send victims an email displaying their (faked) Amazon order, usually with a total sum exceeding $300. As they don’t recognize the order, victims click on a link in the email, taking them to the real Amazon website.
The email message includes what is presented as an Amazon customer support phone number. If the victims call this number, no one answers. They do, however, get a call back from a bogus support representative who asks them to provide their credit card number and CVV to cancel the order and payment bill.
Scammers kill two birds with one stone; they don’t just steal money but also capture personal and financial details, which they can later (or even at the same time) use for other frauds.
Security experts described this as a highly credible kind of phishing attack. It convinces victims because the scheme covers multiple points of contact with the customer. Few people believe scammers would put in the effort of using real phone numbers and calling the victims to assure them they’ve handled the situation and cancelled their invoice. Reality shows this actually happens.
Still, in this Amazon case, scammers left an easy-to-spot trail that gave them away: they sent emails from a Gmail account, not from Amazon. This is one of the essential red flags with phishing emails: the sender is not a legitimate business representative.
Stealing Crypto Wallets with the Help of Google Ads
As Bitcoin exchange rates surge, more people are drawn to invest in cryptocurrencies. Because of this, stealing crypto wallet money has become an attractive business too. In the most recent phishing scam, attackers use legitimate Google Ads to get their fake website ranked at the top of the search results. Yes, they create webpages that perfectly mimic the logo of cryptocurrency companies and even legit-looking user interfaces, such as the login profile window.
Users enter their username and password, but they find themselves unable to access the website, and they are asked for their passphrases as a verification step. Surprisingly, they’re still locked out of their accounts, while the scammers have just captured their login credentials, sealed their crypto wallets and stolen their money. That’s how it seems to have happened with cryptocurrency apps such as Phantom App, MetaMask, and Pancake Swap, where cybercriminals managed to steal around $500,000 in just a few days.
The Typical ‘Click this Link’ Tactic with DocuSign
Scammers either sign up for a free account with DocuSign or compromise a user’s account. They upload a file to the account and then send a DocuSign envelope to their potential prey. Targets receive an email invitation from DocuSign requesting them to sign an electronic document by clicking on the link attachment.
Clicking on this link will redirect victims to a phishing site meant to steal their login credentials for Dropbox, Microsoft, or other services.
This is another example of a well-engineered type of scam, as DocuSign users typically have to keep clicking on various links until they finally get to download their PDFs or Word documents.
Beware of Anything Phishy
Phishing scams get more innovative and better designed by the day. Still, they’re not perfect and always leave a mark that should give you a fair warning you’re dealing with a hoax.
Key things to look out for:
1. The email address
Reputable companies will never send you information using a free email service address.
2. The misspellings of the domain name
It might be tricky, but be mindful of an uppercase I switched with a lowercase i, or a 0 that makes a credible O.
3. Suspicious attachments or links
Phishing links are deceptive, so hover over them to see the link’s real destination. If it’s not the expected website, it’s likely a phishing attack.
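The three checks above can also be run automatically over a suspicious message. The following Python code is an added example, not part of the original article; the free-mail list, the brand list, the character folding table and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}  # assumed list, not exhaustive
BRANDS = {"amazon", "microsoft", "docusign"}           # brands named in the article
FOLD = str.maketrans({"0": "o", "1": "l", "i": "l"})   # look-alikes share one form
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def skeleton(label):
    return label.lower().translate(FOLD)  # lowercase first: hostnames ignore case
SKELETONS = {skeleton(b): b for b in BRANDS}

def lookalike_brand(host):
    """Return the brand a hostname label imitates through character swaps, else None."""
    for label in host.split("."):
        brand = SKELETONS.get(skeleton(label))
        if brand and label.lower() != brand:
            return brand
    return None

def triage(raw):
    """Return (flag, detail) pairs for one raw message with a single HTML body."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    flags = []
    if domain in FREE_MAIL and any(b in name.lower() for b in BRANDS):
        flags.append(("free_mail_sender", domain))   # brand name, free-mail address
    if lookalike_brand(domain):
        flags.append(("lookalike_sender", domain))   # misspelled sender domain
    for href, text in LINK.findall(msg.get_payload()):
        target = urlparse(href).hostname or ""       # where the link really goes
        shown = urlparse(text.strip()).hostname      # None unless the text is a URL
        if lookalike_brand(target):
            flags.append(("lookalike_link", target))
        if shown and shown != target:
            flags.append(("link_mismatch", f"{shown} -> {target}"))
    return flags

# Constructed sample message, not taken from a real campaign.
SAMPLE = (
    'From: "Amazon Support" <constructed.sample@gmail.com>\n'
    'Content-Type: text/html\n\n'
    '<p>Total: $349.00 <a href="http://login.amaz0n.example/cancel">'
    'https://www.amazon.com/orders</a></p>\n'
)
print(triage(SAMPLE))
```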
What was the most fake-looking phishing email you ever encountered?
Let me know in the comments below.