The Inbox

5 most common phishing email tactics to watch out for in your inbox

It's not always easy to tell a malicious email from the real thing. If one of these messages landed in your inbox, would you know it was a fake?

Fortunately, Proofpoint's security experts have done their research and compiled a list of the most common tactics cyber criminals use to lure their victims in...


1. The fake invoice

"Money out" emails, which claim the recipient either has paid or is due to pay the sender, account for nearly half of all phishing emails, according to Proofpoint. They usually ask users to open attached "invoices" or "bills", which are actually malicious files that install malware - or if you're particularly unlucky, ransomware - on your computer.


2. The scanned document

The second most common type of malicious email claims that the recipient has been sent a scanned document or a fax. They are directed either to open an attached document or click on a link to see what the message is. Once again, these inevitably lead to some kind of malware aimed at stealing their money or data.


3. The shipping receipt

These take advantage of the fact that consumers often receive emails from third parties - either well-known logistics firms or unknown companies - to have their purchases delivered. Again, the "shipping document" attached is actually a fake file containing macros that install nasty things on the recipient's computer.


4. The business enquiry

What business doesn't want to welcome a new customer onto its books? This trick preys on the recipient's business instincts by claiming to be a prospective customer who wants to place an order for items in an attached document. As you can probably guess by now, in reality, the file supplied features malicious code and not much else.


5. The transaction check

In this scam, the victim receives an email claiming to be from a bank, asking them to check the transaction details in the attached file. Not having expected this, the recipient clicks on the file to see what transaction they're talking about, and if they're not careful they end up installing malware on their system.


For more on these tricks and how to avoid falling victim to them, see the Proofpoint blog.

teiss

Shares