Sophisticated phishing emails that beat my spam filter and are sitting in my inbox

Monday, March 13, 2017 09:30

by Katherine Hockley

Phishing emails are one of the biggest threats to personal data: 90% of cyber security breaches can be traced back to successful phishing campaigns. However, a lot of people assume they would be able to spot a phishing email, so we wanted to show you just how sophisticated they have become.

This phishing email is one of the most professional I have ever seen. They have pulled in the logo and even set up a convincing email address: auto-confirm@amazon.co.uk

If you compare this to a genuine Amazon email, they are almost identical. The only change is at the bottom, where it says that if you haven't authorised this transaction, you should click on the 'Help Page' linked within the email. (Also, no P&P charge? As if...)


Another nifty phishing email is this PlayStation one, although a big giveaway is the slightly blurry, not completely up-to-date logo. However, people may be swayed by the insertion of legal babble at the bottom: "This email has been sent on behalf of Sony Interactive Entertainment Network Europe Limited, a company registered in the United Kingdom with registration number 06020283." If you search for that part of the text in Google, however, the hits are about fraudulent emails, "I've been hacked", etc.


Searching for parts of the email, or for the sender's email address, in a search engine is always a great way to determine whether or not you've received a phishing email. More often than not, if it is a scam, the results you receive will alert you to that fact.


Finally, I get these false Apple emails constantly. They look really similar to Apple's real purchase confirmation orders, and they often include subscriptions to things almost all of us are familiar with, like Netflix. 

Scammers can also sift through your social media to tailor the email to your interests, making it seem more legitimate. Again, in this case, there is a direct link to 'cancel if it's wrong'. If you're ever worried that someone has ordered something on your account, never click the link within the email - always log in directly through the application or in a new browser page.

A huge giveaway with this one was the email address - simonejs@optusnet.com.au - but how often do the majority of us check that?
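The sender-address and link checks described above, written as a small triage script. This is an added example, not part of the original article: the brand-to-domain table, display names, message bodies and the example.net / example.org link hosts are constructed assumptions, and only the two sender addresses come from the article.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the domains each brand really sends from and links to.
BRAND_DOMAINS = {"apple": {"apple.com"}, "amazon": {"amazon.co.uk"}}

# Constructed samples: only the two sender addresses come from the article.
APPLE_SAMPLE = (
    "From: Apple <simonejs@optusnet.com.au>\n"
    "Content-Type: text/html\n\n"
    '<p>Netflix subscription. <a href="http://billing.example.net/c">Cancel</a></p>'
)
AMAZON_SAMPLE = (
    "From: Amazon <auto-confirm@amazon.co.uk>\n"
    "Content-Type: text/html\n\n"
    '<p>Not you? <a href="http://help.example.org/x">Help Page</a></p>'
)

class LinkHosts(HTMLParser):
    """Collect the host name of every <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        host = urlparse(dict(attrs).get("href") or "").hostname if tag == "a" else None
        if host:
            self.hosts.append(host.lower())

def belongs(host, domains):
    # Exact match or true subdomain; "amazon.co.uk.example.org" must not pass.
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(raw):
    """Return reasons a single-part HTML message does not match its claimed brand."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    brand = next((b for b in BRAND_DOMAINS if b in name.lower()), None)
    if brand is None:
        return []
    allowed, findings = BRAND_DOMAINS[brand], []
    sender = addr.rpartition("@")[2].lower()
    if not belongs(sender, allowed):
        findings.append(f"sender domain {sender} is not {brand}")
    parser = LinkHosts()
    parser.feed(msg.get_payload())
    findings += [f"link host {h} is not {brand}" for h in parser.hosts if not belongs(h, allowed)]
    return findings
```

The constructed Amazon sample passes the sender check because its address looks right, and is flagged only by where its 'Help Page' link points, which is why the sender address alone is not enough to clear a message.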


Other convincing ones that have landed in my inbox are from senders purporting to be from PayPal and a taxi firm I have never heard of.


The worrying thing is that these sophisticated phishing emails are good enough to trick the spam filter. And, by being almost visually identical, they are likely to trick even the most tech-savvy of us into thinking we've been duped out of money by someone who has hacked our Amazon or PayPal accounts, when actually we're just a click away from having that happen for real!

