Popular Phishing Scams and What to Do About Them

How to recognize and avoid the most common types of phishing

What is a phishing scam? It's a type of cyber attack in which the attacker sends an email purporting to be from a valid financial or eCommerce provider. The email often uses fear tactics in an effort to entice the intended victim into visiting a fraudulent website. Scammers have evolved to target your text messaging inbox as well with what is called SMSishing — all the advice here will essentially apply to text message scams as well.

Once on the website, which generally looks and feels much like the valid eCommerce/banking site, the victim is instructed to log in to their account and enter sensitive financial information such as their bank PIN number, their Social Security number, mother's maiden name, etc. This information is captured and sent to the attacker, who then uses it to engage in credit card and bank fraud - or outright identity theft.

Many of these phishing emails appear to be quite legitimate. Don't be a victim. Look over the following examples of phishing scams to familiarize yourself with the clever techniques used.

The Washington Mutual Bank Phishing Email

Washington Mutual Bank phishing email

Below is an example of a phishing scam targeting Washington Mutual Bank customers. This phish claims that Washington Mutual Bank is adopting new security measures which require confirming ATM card details. As with other phishing scams, the victim is directed to visit a fraudulent site and any information entered on that site is sent to the attacker.

The SunTrust Phishing Email

SunTrust phishing email

The following example is of a phishing scam targeting SunTrust bank customers. The email warns that failing to comply with the instructions may result in account suspension. Note the use of the SunTrust logo. This is a common tactic with 'phishers', who often use valid logos they have simply copied from the real banking site in an attempt to lend credence to their phishing email.

The eBay Phishing Scam

eBay phishing scam

As with the SunTrust example, this eBay phishing email includes the eBay logo in an attempt to gain credibility. The email warns that a billing error may have been made on the account and urges the eBay member to log in and verify the charges.

The Citibank Phishing Scam

Citibank phishing scam

There is no shortage of irony in the Citibank phishing example below. The attacker claims to be acting in the interests of safety and integrity for the online banking community. Of course, in order to do so, you are instructed to visit a fake website and enter critical financial details that the attacker will then use to disrupt the very safety and integrity they claim to be protecting.

The Charter One Phishing Email

Charter One Bank phishing email

As seen with the previous Citibank phishing scam, the Charter One phishing email also pretends to be working to preserve the safety and integrity of online banking. The email also includes the Charter One logo in an attempt to gain credibility.

A PayPal Phishing Email

Detail of a PayPal phishing scam

PayPal and eBay were two of the earliest targets of phishing scams. In the example below, this PayPal phishing scam tries to trick recipients by pretending to be some sort of security alert. Claiming that someone 'from a foreign IP address' attempted to log in to your PayPal account, the email urges recipients to confirm their account details via the link provided. As with other phishing scams, the displayed link is bogus: clicking it actually takes the recipient to the attacker's website.

The IRS Tax Refund Phishing Scam

IRS tax refund phishing scam

A security flaw on a US government website has been exploited by a phishing scam claiming to be an IRS refund notification. The phishing email claims the recipient is eligible for a tax refund of $571.94. The email then tries to gain credibility by instructing recipients to copy/paste the URL rather than clicking it. That's because the link actually does point to a page on a legitimate government website, http://www.govbenefits.gov. The problem is, the page being targeted on that site allows the phishers to 'bounce' the user to another site altogether.
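For site owners, the fix for this kind of 'bounce' page is to validate the redirect destination before sending the visitor there. The following is an added example, not code from the article or from the affected site: the function name, the allowlisted host names and the default path are hypothetical.

```python
from urllib.parse import urlsplit

# Hypothetical hosts this site is willing to redirect visitors to.
ALLOWED_HOSTS = {"www.agency.example", "forms.agency.example"}

def safe_redirect_target(target, default="/"):
    """Return target if it stays on-site or on an allowlisted host, else default."""
    # Backslashes and control characters are interpreted inconsistently by
    # browsers and URL parsers, so refuse them outright.
    if not target or any(c in target for c in "\\\r\n\t"):
        return default
    parts = urlsplit(target)
    if not parts.scheme and not parts.netloc:
        # Relative target: accept only a path rooted at a single slash.
        # ("//host/path" is scheme-relative and would leave the site.)
        on_site = target.startswith("/") and not target.startswith("//")
        return target if on_site else default
    # Absolute target: http(s) only, and the parsed host (not a substring
    # of the URL) must be on the allowlist.
    host = (parts.hostname or "").lower()
    if parts.scheme in ("http", "https") and host in ALLOWED_HOSTS:
        return target
    return default
```

Comparing the parsed host rather than searching the URL string is what rejects targets such as `https://www.agency.example@phish.test/`, where the trusted name appears only as the userinfo part.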

Reporting phishing scams

If you believe you have been the victim of fraud, contact your financial institution immediately by phone or in person. If you have received a phishing email, you can usually send a copy to abuse@DOMAIN.com where DOMAIN.com signifies the company to which you are directing the email. For example, abuse@suntrust.com is the email address for sending phishing emails purporting to be from SunTrust Bank.

If in the United States, you can also forward a copy to the Federal Trade Commission (FTC) using the address spam@uce.gov. Be sure to forward the email as an attachment so that all important formatting and header information is preserved; otherwise the email will be of little use for investigative purposes.
