Phishing. It’s a nuisance that creates countless victims, and it’s getting more prolific every year.
Honestly, I expected this practice to have died a long time ago. I still remember the phishing scams I encountered back in the mid-2000s. They were chock-full of gigantic fonts in flashy colors, encouraging you to click on a link. I wondered who on earth would click on those things. Of course, a lot of people ultimately did – that’s why phishing has continued to grow as a threat.
Unfortunately, phishing is evolving and becoming cleverer. Better disguised. Just last year, I nearly put my details into a fake Hermes delivery website that was almost indiscernible from the real thing. I failed to follow my own advice simply because I was already waiting on a Hermes delivery that day – it was a well-timed scam.
My friends and I are routinely targeted by scams on WhatsApp and social media websites, but email is a different ballgame entirely. And recently, I started wondering what other phishing scams might be hiding in my Junk email folder.
5 Common Tactics to Incite Urgency
When I decided to venture into my Spam folder and see what I could uncover, I was unsurprised to find many of the hallmarks of phishing that I expected. After a while, you start spotting the old favorites – the template phishing scams that cybercriminals use to incite you into taking quick action without thinking.
I thought I’d share some of them with you for (hopefully) educational purposes. Or, at the very least, you might get a laugh out of them. These are phishing attempts that, let’s be honest, aren’t overwhelmingly convincing – at least for me, that is. But unfortunately, some people do click on them and lose money or risk their data privacy and identity.
So, without further ado, I give you the best (worst) phishing scams from my Junk folder.
Don't try this at home!
Engaging with phishing scams can have disastrous consequences.
1. Your delivery was unsuccessful
Ah, the old classic. You’ve missed a delivery, and you need to click on a link to confirm some details. What details, exactly? Well, if my near miss from last year is anything to go by, first, you’ll be asked for personal information like your name, address, and so on.
Submit those details, and you’ll probably be asked for payment information for missed delivery fees. If you input your card details, it’s game over. However, the clever thing here is that if you do submit personal information, you’re already invested. You might input your payment details because you’re halfway there.
Even if you cotton onto the scam, you could already be at risk. Personal information such as your name, date of birth, and address is enough to potentially open new lines of credit in your name.
The lesson? Don’t click on links such as these. If you need to track the status of a parcel, use the confirmation email that you received when you ordered your item. In most cases, there will be a – safe – link in that email, and it’s the only one you should use, period.
2. You’ve won a prize!
Everybody likes to get something for free, and with the economy in such a state right now, there’s never been a better time for free stuff. So, if you see an email telling you that you’ve won something, you’ll probably be over the moon.
It goes without saying that the prize doesn’t exist. While I do dabble in the art of cooking – often with questionable results – I have never entered a competition for a La Creuset dish. Actually, I’m pretty sure I can’t even pronounce La Creuset correctly.
As with the DPD email above, clicking on a link will likely ask you to confirm some information that could be siphoned off by cybercriminals. Worst case, it could open your device up to the risk of malware like a computer virus.
3. You contacted us first
Another popular method used by phishing scammers is the “you contacted us first” approach. To be fair, the more concerning aspect of this email is that it’s partly written in Russian.
Now, I speak a little Russian, and that first paragraph is telling me that I’ve won some kind of lottery, so the entire email makes zero sense. Still, I’ve seen much better examples of this type of phishing scam before, and this is a common tactic. None of us like to think that we’ve forgotten about a message, so you might be inclined to click on the link and see what’s going on.
This email uses a TinyURL link. TinyURL is a service that lets you cloak the true identity of a web link so you’ve got no idea where you’re going. In short, seeing such a link within an email is another huge red flag.
4. Your subscription is expiring
This one is particularly interesting. Around the end of 2022, I reviewed McAfee Antivirus and signed up for a subscription to do so. Ever since I’ve had an avalanche of spam related to McAfee. In fact, the majority of phishing scams in my Junk folder reference McAfee. It raises questions about their data-sharing practices, though I’ve no evidence that’s the cause.
Now, while I did have a subscription, and I have indeed canceled it, these emails aren’t from McAfee. Inspecting the embedded link, it directs to a completely unrelated – and most likely dangerous – website.
But this is another common tactic used by phishing scams. Your antivirus software is an important part of your cybersecurity defense, so scammers hope you’ll spring into action and click on the link.
5. You could be a millionaire
Another old favorite; who doesn’t want to be rich? Back in the day, the “get rich quick” emails largely focused on mysteriously large sums of money located in other countries. You know, the ones where a foreign prince needs your assistance in transferring millions between accounts?
I haven’t seen one of those for a while, but I am noticing an uptick in cryptocurrency-related phishing scams. It’s no secret by now that Bitcoin, in particular, has seen a meteoric rise since the 2010s. As an early internet user, I’ve certainly felt the regret of not investing when I was younger.
But there are two important points to highlight here. One, cryptocurrency is not a get-rich-quick scheme. Bitcoin’s explosive growth was unexpected, but the vast majority of people who invest in Bitcoin lose money. Two, these kinds of financial scams are rife, and the only thing that this email will give you is a headache as you deal with the consequences of becoming a cybercrime victim.
What Can You Do if You Click on a Phishing Link by Accident
Cybercriminals are always finding new ways to trick you. In the past few years, scammers have even started using legitimate sites as bait. For example, PayPal has been used for several scams, as it is a popular service provider with millions of customers.
So, if you are tricked into clicking a phishing link, what can you do immediately after? These are the steps you can follow:
- Disconnect the internet from your device: If the phishing link contains any malware, this will prevent it from spreading to your files or sending out any personal information to third parties.
- Scan your system for malware: Many antivirus programs do not have to be connected to the internet to run a scan. If there is any malware in your device, you can find it through the scan and deal with it quickly.
- Change all your passwords: You must act fast and reset all of your usernames and passwords if any of your information was exposed in the few seconds before you disconnected your device. Ensure you use secure passwords, as the stronger your password is, the harder it will be for hackers to crack it.
- Notify your bank or credit card company: Inform your bank about the situation. They may suggest sending you new credit cards just to be safe.
- Set up a fraud alert: Get in touch with one of the credit reporting agencies, such as Equifax, Experian, or TransUnion, and ask them to add a fraud alert to your credit report.
- Inform your email provider: It is best to inform your email provider about any dangerous phishing scams, so they can be aware too and be better prepared to stop these types of emails from ever reaching users’ accounts.
The Old Advice Is the Best Advice
At the risk of taking another trip down nostalgia lane, the advice from the early days of the internet hasn’t changed much. Don’t click on suspicious links within emails, text messages, social media messages, or any other medium.
There are steps you can take to prevent cybercriminals from gaining access to your personal information. They may be using clever techniques to trick you, but you can take advantage of your common sense and several cybersecurity tools to help you in your quest against phishing scams and staying safe online.
Have you ever been the victim of a phishing scam? Let us know in the comments below.