During the last few years, the number of spam emails has increased drastically. Tens of millions of junk messages are sent every day (about 50 percent of the whole flow). Besides marketing mass mailing, there are phishers who are getting extra creative in their attempts to steal personal data. Let’s take a quick look at the most common techniques that cyber criminals use to get your account details or bank card numbers through emails and social networks.

1. Notifications from email services

This kind of phishing is aimed at gathering credentials from users’ email accounts. Scammers typically use template emails asking you to restore the password to your account or to expand your mailbox storage. The message warns that if you don’t verify your account or don’t increase the available space, you will no longer be able to use your mailbox. After clicking the link, you are redirected to a fraudulent Web page where you enter your email address and email account password into a login box.

Once you have submitted the data, criminals can use your account to send spam, scam, and malicious emails in your name. Moreover, they also get access to connected services such as online stores and cloud storage, where they can handle a large amount of your personal information and even steal your identity.

2. Notifications from social networks

As social networks become an integral part of our lives, phishers can’t help but imitate notifications that could come from popular social networks. Such messages could contain information about new friend requests, your friends’ activities, comments, likes, shares, etc. Such emails often replicate real-life emails from the services. After clicking the link, users land on a fake login page, where they unintentionally hand their credentials to cyber criminals. The only identifier of the fraudulent email is a button with a phishing link. The link is not obvious, and as users usually trust the sender, they don’t even think about checking the address. However, if you position the cursor on the link, the popup window shows that it leads to an unknown address which is different from the official Facebook address. Along with the common notifications from social networks, users may receive emails about suspicious activity that has been detected on their account, or about new features.

3. Notifications from popular services and sellers

The same scheme is typically used by scammers to counterfeit notifications from popular online services, such as e-commerce websites, shops, job search websites, delivery, multimedia platforms, booking sites, etc.

Phishers spread malicious links through mass mailings that mention problems with payments, order confirmations for items the recipient didn’t purchase, or requests to update payment information or verify account details. Most people click on the links without any doubt and hand their data to fraudsters.


4. Banking phishing

Banking remains one of the most common phishing topics this year. Cyber criminals tend to send fake emails on behalf of banks or well-known payment systems. Victims receive messages warning about suspicious activity on their account and asking them to confirm their identity, restore access or cancel a transaction. The user is redirected to a fake bank website and asked to enter credit card details, including the CVV/CVC code. In the case of online payment systems, only a login is required. After the private data is received, fraudsters transfer money from the user’s account immediately.

5. Nigerian prince scams

This classic yet still working email scheme, also known as the “419 scam”, goes back to the earliest frauds, in which a sender claimed to be a Nigerian prince who desperately needed help smuggling wealth out of his country. He asked the target to provide a bank account number or send a foreign processing fee to help the prince out of a jam, and then he promised to show his gratitude with a generous payoff.

The most common plots are wealthy orphans claiming to need an adult sponsor, lottery winners saying they’re required to share their winnings with others, and inheritances trapped in banks due to civil war.

However, these schemes are evolving and moving to dating websites. Phishers seek 45-to-75-year-old widowed men and women who are most likely to have money and be lonely. After establishing some relationship, criminals persuade their targets to provide their bank account or credit card information, as happened with a Swedish woman, Maria Grette. She got a desperate email from her new datemate saying that he and his son had been mugged in Nigeria, the son had been shot in the head, and they had ended up in a hospital without any money or papers. They urgently needed funds transferred into his bank account to pay for medical expenses and a lawyer.


6. Voicemail notifications

Criminals have started combining effective phishing scams with malicious code embedded into voice message notifications. You may receive an email asking you to listen to a voicemail. The name of the website in the message may seem credible and known to you, but the actual link leads to a fake or copycat website aimed at stealing your account details.


How to protect yourself from phishing

Unfortunately, cyber criminals are becoming more sophisticated in their attempts to steal sensitive data from users. However, there are a few typical features that can help you detect fake emails or messages:

  • Unusual requests. Your bank will never ask for your card details, PINs or CVV codes via email. You should also be suspicious of sites or emails requesting your social security number, ID number or other private data.
  • Wrong URL. Make sure the URL in the message is the one that belongs to the real service.
  • Sender’s Email Address. Always compare the sender’s address with the address from which you usually receive notifications. Although the sender’s name may look normal (Amazon Services, Facebook Updates, etc.), the email address may be suspicious (2007top@hotmail.com, etc.). Note that official services never use public mailing accounts like Hotmail, Gmail, Yahoo!, etc.
  • Your Name. Every legitimate business or service will usually address you by name instead of “Dear Customer” or “Dear Valued Member”.
  • Typos. Most phishing messages contain misspellings or grammatical errors. If you notice any, it is further evidence that the message or site is fraudulent.
  • Low Resolution Images. One more sign of a suspicious message is low-quality images of the company’s logo or other graphics included in the email.
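
Three of the checks above (sender's address, wrong URL, generic greeting) can be automated. The following Python sketch is an added example, not part of the original article; the `expected_domain` parameter, the short list of public mail domains and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

PUBLIC_MAIL = {"hotmail.com", "gmail.com", "yahoo.com"}  # assumed list of public mail domains
GENERIC_GREETING = re.compile(r"dear\s+(valued\s+)?(customer|member)", re.I)

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag: the address a hover popup would show."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def belongs_to(host, domain):
    # Exact match or a true subdomain; "facebook.com.login.example" does not qualify.
    return host == domain or host.endswith("." + domain)

def phishing_indicators(raw, expected_domain):
    """Return the warning signs found in a raw single-part HTML email."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    found = []
    addr = parseaddr(msg.get("From", ""))[1]
    sender_domain = addr.rpartition("@")[2].lower()
    if sender_domain in PUBLIC_MAIL:
        found.append("sender uses a public mail account: " + addr)
    elif not belongs_to(sender_domain, expected_domain):
        found.append("sender domain is not the service's: " + sender_domain)
    if GENERIC_GREETING.search(body):
        found.append("generic greeting instead of your name")
    links = LinkCollector()
    links.feed(body)
    for href in links.hrefs:
        host = (urlsplit(href).hostname or "").lower()
        if not belongs_to(host, expected_domain):
            found.append("link leads to an unknown address: " + host)
    return found

# Constructed sample message (not a real email); the link host is a placeholder.
SAMPLE = """From: Facebook Updates <2007top@hotmail.com>
Content-Type: text/html

<p>Dear Customer,</p>
<a href="http://facebook.com.login.example/confirm">View request</a>
"""
```

Calling `phishing_indicators(SAMPLE, "facebook.com")` reports all three signs; the link is flagged even though its host begins with `facebook.com`, because only the end of the host name decides which site it belongs to.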

Be careful when you receive messages of this kind. Pay attention to these tips and do not open unfamiliar or suspicious-looking emails to keep your sensitive data protected. Good anti-spam or anti-phishing protection could be beneficial as well.