Tessian’s mission is to secure the human layer by empowering people to do their best work, without security getting in their way.
75% of organizations experienced some kind of phishing attack in 2020. Of those attacks, almost all (96%) arrived via email.
So, what does a phishing attack look like? We’re rounded up 5 REAL examples of spear phishing attacks, all detected (and prevented) by Tessian Defender. See those alerts at the top of each email? These are Defender’s in-the-moment warnings that explain exactly why the email has been flagged as suspicious.
If you’re looking for more information about phishing, check out these resources:
- What is Phishing?
- What is Spear Phishing?
- Must-Know Phishing Statistics: Updated 2021
- Phishing vs. Spear Phishing
- What Does a Spear Phishing Email Look Like?
Example 1: The attacker is encouraging the target to sign an “updated employee handbook” 📋
- This document prompts the target to click on another link, which leads the user to a fake O365 login page. The goal: To gain access to the target’s login credentials. This is called credential phishing.
- The attacker is using social engineering tactics to motivate the user to act now. For example, noting that “20% of employees have already accepted” and “we are all required to review and sign an acknowledgement of the handbook upon receipt of this email”.
- COVID-19 is also used as a pretext for sending the handbook in the first place, which gives legitimacy to their request.
⚡ COVID-19: Real-World Examples of Opportunistic Phishing Attacks
⚡ How Hackers Are Exploiting the COVID-19 Vaccine Rollout
Example 2: The email is a spoof of an MS Teams notification 🔔
Note: Instead of seeing “xxxxxx”, the target would see their email address. Not only does this increase the legitimacy of the webpage and make the user feel like they’ve logged in before, it also reduces the friction for the user to move on to the next step, which will be entering their password.
- If you actually did use Microsoft Teams at work, you’d have no reason to believe this is suspicious or malicious. The email looks like the real deal and was likely templated from a genuine notification.
- The email itself is a domain spoof, and spoofs the target’s own email address. This is particularly clever because – well – it’s not implausible that Microsoft Teams would actually send emails “from” the user’s own email address.
⚡ What is Email Spoofing? How Does Email Spoofing Work?
Example 3: The attacker is pretending to be a new starter 👋🏾
Let’s break down this phishing attack.
- Again, in this example, the attacker is leveraging a fake notification from Microsoft. This time, though, it’s from Microsoft File Sharing service.
- Unsurprisingly, the attacker is after the target’s credentials. (This is called credential phishing, remember?) If the user clicks on the “Preview Online” button – a malicious link – they’ll be taken to a lookalike website.
- If the target does input their credentials, they won’t login to Microsoft File Sharing. Instead, the details will be sent directly to the hacker, who will then have easy access to the user’s account.
- Notice that the notification is well-formatted and looks like a genuine email from Microsoft. There aren’t any obvious spelling or grammar errors. The average person would likely fall for this attack.
- The “[REDACTED], FIY” note was included on purpose. The attacker is trying to pique the target’s interest. Wouldn’t you want to know what the message said? The more curious and emotional we get, the more likely we are to click a link without thinking of security.
Did you know? Microsoft is one of the most impersonated brands in phishing attacks. Find out who else makes the list.