Email Security Blog

2019 Most Convincing Phishing Emails

One of the best things about working at INKY is observing all the shapes and sizes that phishing attack emails come in. It’s particularly rewarding knowing that even the most convincing phishing email examples are caught by our Phish Fence.

Here we are going to share six of the most convincing phishing email examples we’ve seen in 2019.

Phishing Email Example #1

Who is it supposed to be from?

Discover Card

What’s the Premise?

In this phishing example, the premise is that your account has been compromised. Lucky for you, Discover Card has caught it and is supplying you with a temporary ID and link so that you can update your username and password. The email uses Discover branding and iconography, and links to their actual app and all of their social media.

What did the INKY Banner say?

Phishing attack: Red Banner: Flagged for Sender Forgery and Spam content

What gave it away?

In this case, the email domain that the phishing attempt was generated from was not associated with Discover Card. Further, the content met Phish Fence’s spam criteria and was flagged as such.

What did it look like?

[Screenshots: warning banner and the Discover Card phishing email]

Phishing Email Example #2

Who is it supposed to be from?

A customer who’d really like to pay you!

What’s the Premise?

In this phishing attempt, the premise is that a customer would like to pay for a service rendered. To do so, they’ve kindly attached some information to help you make sure that you get paid.

What did the INKY Banner say?

Phishing attack: Red Banner: Flagged as potentially dangerous, recognized as phishing content, and flagged for sensitive content (financial information).

What gave it away?

The email met the profile for a phishing attempt, the content and cadence were suspect, and the attachment was found to be illegitimate and a simple attempt to solicit account details.

What did it look like?

[Screenshots: warning banner and the customer phishing email]

Phishing Email Example #3

Who is it supposed to be from?

FedEx

What’s the Premise?

Your package is on its way! The tracking number supplied links off to a phishing site where credentials can be harvested.

What did the INKY Banner say?

Phishing attack: Red Banner: Flagged as dangerous, not from a FedEx domain (Joan and Gary sent it), flagged as brand impersonation and the profile was recognized as likely spam content.

What gave it away?

Generally, FedEx is a shipping company; they don’t have to outsource shipping information to Joan and Gary. Once it was established that the sender was fraudulent, INKY recognized that the content was, in fact, a brand forgery.

What did it look like?

[Screenshots: warning banner and the FedEx phishing email]

Phishing Email Example #4

Who is it supposed to be from?

Google Photos

What’s the Premise?

Good news: your photos have been published! Given that you haven’t published any, you might hesitate, but in our voyeuristic society, who isn’t rushing to open that?

What did the INKY Banner say?

Phishing attack: Red Banner: Flagged as dangerous, not from Google Photos, flagged as brand impersonation, and the profile was recognized as likely spam content.

What gave it away?

In this case, Google has outsourced their photo album notifications to M Mullin’s, a dodgy chap who sticks it to Google by using a Hotmail account. Our Computer Vision engine analyzed the graphics and recognized them as fake.

What did it look like?

[Screenshots: warning banner and the Google Photos phishing email]

Phishing Email Example #5

Who is it supposed to be from?

The HR Department

What’s the Premise?

HR cares about you very much; so much, in fact, that they’d like to get your views on how the company is doing. This is mandatory... don’t mess with HR.

What did the INKY Banner say?

Phishing attack: Red Banner: Flagged as dangerous; the content profile is highly suggestive of a phishing attempt.

What gave it away?

Normally when your HR emails you, they do it from an internal account. It is pretty unlikely that old malhadaf is an actual representative of your company. Further, these types of solicitations set off INKY’s algorithms and are quickly recognized as phishing attempts.

What did it look like?

[Screenshots: warning banner and the HR phishing email]

Phishing Email Example #6

Who is it supposed to be from?

Microsoft

What’s the Premise?

Well shucks, buddy, it’s time to change your password. Lucky for you, the fine folks at Microsoft are all over it!

What did the INKY Banner say?

Phishing attack: Red Banner: Flagged as dangerous; brand impersonation, phishing content, spam content, and sensitive content flags were all tripped.

What gave it away?

Despite the phisherperson’s best attempt at spoofing a Microsoft email, INKY was able to recognize that the incoming domain was not associated with Microsoft. Further, the computer vision engine picked up on the faked graphics and iconography. The content itself was particularly phishy in that it was requesting a password reset.

What did it look like?

[Screenshots: warning banner and the Microsoft phishing email]

These were scarily convincing, right? The fact is, without INKY I think I would have fallen for most if not all of these phishing attacks. If I were to pick a ‘most convincing’, I’d go for the Microsoft phishing email example; picking apart such a well-crafted domain would be virtually impossible for most folks… so don’t rely on them!
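The giveaway that recurs in the Discover, FedEx, Google Photos and Microsoft examples, a sender domain that does not belong to the brand the message claims to come from, can be checked mechanically. The following is an added example, not INKY's code; the brand-to-domain allowlist, the freemail list and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed allowlist: brand keyword -> domains that brand legitimately sends from.
BRAND_DOMAINS = {
    "discover": {"discover.com"},
    "fedex": {"fedex.com"},
    "google": {"google.com"},
    "microsoft": {"microsoft.com"},
}
# Assumed short list of consumer mail providers a brand would not send from.
FREEMAIL = {"hotmail.com", "outlook.com", "gmail.com", "yahoo.com"}

def domain_matches(domain, allowed):
    """True if domain is an allowed domain or a true subdomain of one.
    The leading dot stops look-alikes such as 'notfedex.com'."""
    return any(domain == a or domain.endswith("." + a) for a in allowed)

def check_sender(raw):
    """Return impersonation flags for a raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # Brand claims usually sit in the display name or the subject line.
    claimed = f"{display} {msg.get('Subject', '')}".lower()
    flags = [f"brand-impersonation:{brand}"
             for brand, allowed in BRAND_DOMAINS.items()
             if brand in claimed and not domain_matches(domain, allowed)]
    if flags and domain in FREEMAIL:
        flags.append("freemail-sender")
    return flags

# Constructed sample messages (not taken from the emails shown above).
FAKE_PHOTOS = ('From: "Google Photos" <constructed-sample@hotmail.com>\n'
               'Subject: Your photos have been published\n\nbody')
FAKE_MS = ('From: "Microsoft Account Team" '
           '<no-reply@microsoft.com.account-verify.example>\n'
           'Subject: Password reset required\n\nbody')
REAL_FEDEX = ('From: "FedEx Tracking" <tracking@mail.fedex.com>\n'
              'Subject: Your package is on its way\n\nbody')

if __name__ == "__main__":
    for name, raw in [("photos", FAKE_PHOTOS), ("microsoft", FAKE_MS),
                      ("fedex", REAL_FEDEX)]:
        print(name, check_sender(raw))
```

A clean result here only means the From domain is consistent with the claimed brand; because that header can be forged, the check belongs alongside the message's SPF, DKIM and DMARC results rather than in place of them.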

Take the INKY Phishing Fitness Test today and see how we can help you Phight Phish!
