Blogs by Chipin

Top 10 Phishing Email Examples: How to Recognize and Avoid Them

Phishing Emails

1. Phishing emails posing as tech help

Scammers use fear to lure you into paying for pointless technical support for false issues.

For instance, scammers may pretend to be Microsoft, which was the most imitated brand in 2021 [*]. Your device’s bugs are presented to you in technical terms to persuade you that there is a problem.

When you open specific files or perform a scan, you can receive an error message, but there is no issue and the popup is simply a phishing tactic.

Tech support scam email example

Tech support scams’ methods:

  • The majority of the time, con artists demand payment to address imaginary issues with your hardware or software. They can put malware or ransomware on your computer if you give them remote access to “fix” these supposed problems.
  • They’ll also ask you to pay a one-time fee or subscribe to a support service.

How to spot them:

  • All communications with big companies like Microsoft start with you. Legitimate companies do not contact you via email about device issues.
  • Be vigilant about requests for remote access to your computer.
  • Refuse requests to enroll in a computer maintenance or warranty program.
  • Check the sender’s address to see if it’s from a fake domain (for example, it’s not from microsoft.com).
  • Do not comply with requests for your financial information, for example credit card details to bill you for fake services.

2. Email phishing for tax refunds

IRS phishing email example

Phishing emails pretending to be from the IRS, a government agency, often ask for money or personal data, on the assumption that recipients won’t verify their legitimacy.

How tax refund fraud operates:

  • Tax refund fraud occurs when scammers send victims a message claiming they are entitled to a refund and direct them to a fraudulent IRS website.
  • They steal private data like Social Security and bank account numbers.
  • Another common scam involves installing malware on the victim’s computer and asking for W-2 forms as attachments in order to steal the victim’s identity.

How to spot them:

  • To spot IRS scammers, check email origins, protect devices and networks with VPNs and antivirus, and avoid opening attachments, as they may contain viruses.
  • Fake IRS display names are common, so hover over the sender’s name to see the real email address.

3. Notice of suspicious activity

Large organizations prioritize email security and work to prevent unauthorized login attempts. Scammers send emails asking you to confirm your identity, claiming that a new device or location was detected.

How suspicious activity scams work:

  • Scammers send suspicious activity emails to victims, pretending to represent reputable businesses.
  • They close accounts and ask for contact information or a link to reopen them.
  • The emails appear similar to legitimate notifications, and any details provided are recorded by the scammer.

How to spot them:

  • To spot legitimate emails, verify the sender’s address, look for bad grammar, verify the number, check the company’s website for contact information, and check the landing page URL before entering login information.

4. Phishing emails via social media

Phishing emails posing as social media platforms, often as the platform’s “support team,” allow scammers to access financial accounts, steal personal information, and sell it on the Dark Web.

Phishing email purporting to be from Instagram

How social media phishing scams work:

  • Social media phishing scams trick recipients into clicking on a phishing link from Instagram’s “Copyright Centre,” claiming copyright infringement.
  • They can steal an account if the sender’s email is not an official one, posing a security risk.

How to spot them:

  • Spot them by avoiding links with unrelated destination addresses, not downloading attachments, comparing the sender’s address with the addresses used in official emails, and noticing unusual spacing, layouts, and account images.

5. Fake email confirmation of payment

This scam uses fake receipts from reputable institutions to trick users into upgrading or canceling their subscriptions through phone calls, links, or attachments.

Fraudulent payment confirmation schemes:

  • Fraudulent payment confirmation schemes often involve a brief statement in an email, often about subscriptions.
  • The message may include a file that can lead to a phishing website, where the con artists request login information.
  • Scammers may also pretend to be billing support representatives.

How to spot them:

  • The email falsely claims that your debit card or bank account was charged and urges you to call a phone number to fix the account.
  • Subject lines contain letters, numbers, and phrases like “PAYMENT DONE.”

6. Notice of incorrect billing information

These frauds frequently originate from businesses with big user bases. You are more likely to act upon receiving an email from Squarespace because they power many websites.

Credit card billing phishing email

How incorrect billing scams work:

  • Inaccurate billing scams use urgency to trick victims into clicking on phishing links.
  • They use premium branding, a deadline, and a link to load a false Squarespace page.
  • The scammer records your information and sends an incorrect password notification when you log in.

How to spot them:

  • To avoid false urgency in emails, check for pixelated logos, bad grammar, and misspelled words.
  • If the email seems legitimate, ensure the landing page URL is from an official domain.

7. iCloud update notification that is false

Hackers steal your Apple ID and password through iCloud update fraud, which lets them access services like the App Store, FaceTime, iMessage, and iCloud. They can also access personal data, documents, and app history.

How phony iCloud updates operate:

  • A fake email from Apple support warns recipients to update their information to access iCloud, iPhone, or App Store features.
  • Clicking the “Sign in and Review” button leads to a fake website, allowing hackers to access your accounts.

How to spot them:

  • To spot these emails, check the sender’s email address, look for mysterious subject lines like “iCloud account limited for security reasons,” and watch for poor design, such as misaligned text on a button, which is not typical of emails from Apple.

8. Human Resources (HR) survey email scam

There are numerous types of HR survey email fraud. The most typical trick used by con artists is to impersonate a reputable company or institution, like UCLA, and request your participation in a survey.

How HR survey scams work:

  • HR survey fraud involves asking for your opinion on someone to advance in a program or position, posing as a friend.
  • The sender links to a fake survey website, recording your information for access or black market sale.

How to spot them:

  • Surveys may ask for private data, contain bad grammar or misspellings, or be edited by legitimate companies.
  • They may come from unknown domains, request unknown information, and be random and unexpected.

9. Google Docs Scam

How Google Docs scam works:

  • The Google Docs scam links users to a Google account page, requiring them to grant access to a bogus service.
  • This app can read emails, send scams, and infect all contacts.

How to spot them:

  • To avoid falling for scams, check the “Google Docs” link on Google-hosted pages and review app permissions.
  • Remove the app if it appears, as the real Google Docs has default account access.

10. USPS phishing email

Fraudsters, disguised as USPS agents, demand a response from customers, delay packages at customs, and steal personal information from online orders from outside the US.

How this USPS scam works:

  • A phishing email claiming to be from USPS warns of package delivery issues and prompts users to update shipping information, posing a risk of data theft.

How to spot them:

  • The email is fraudulent if you aren’t expecting goods from USPS, or if it lacks a support email address ending in @usps.gov, uses urgency tactics or forceful language, has poor design, or misuses the logo.
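
The sender-address and link-destination checks that recur in the “How to spot them” lists above can be automated. The following is an added example, not part of the original article: the function names, the brand table and both sample messages are constructed for illustration, and only microsoft.com and usps.gov are taken from the article.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allow-list: brand keyword -> official domains (the two named in the article).
OFFICIAL = {"microsoft": {"microsoft.com"}, "usps": {"usps.gov"}}

def under(host, domains):
    """True only if host is an official domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

class LinkCollector(HTMLParser):
    """Collects (visible text, href) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_email(raw):
    """Flag brand names in the display name or link text that do not match the real domain."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))   # what you see vs. the real address
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    claims = [("display name", display, addr.rpartition("@")[2])]
    claims += [("link text", t, urlsplit(h).hostname) for t, h in parser.links]
    findings = []
    for where, text, host in claims:
        for brand, domains in OFFICIAL.items():
            if brand in text.lower() and not under(host, domains):
                findings.append(f"{where} mentions {brand} but domain is {host}")
    return findings

# Constructed sample messages (not real emails).
SPOOFED = ('From: "USPS Delivery Support" <notice@usps-redelivery.example>\n'
           'Content-Type: text/html\n\n'
           '<a href="http://usps.gov.tracking.example/update">usps.gov/redelivery</a>')
LEGIT = ('From: "USPS" <info@email.usps.gov>\nContent-Type: text/html\n\n'
         '<a href="https://tools.usps.gov/track">Track your USPS package</a>')
```

The spoofed sample shows why the comparison is made on the end of the hostname: `usps.gov.tracking.example` contains the official domain as text but is not under it.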
