{"id":15239,"date":"2021-12-10T09:27:59","date_gmt":"2021-12-10T14:27:59","guid":{"rendered":"https:\/\/www.thesslstore.com\/blog\/?p=15239"},"modified":"2023-04-10T15:31:11","modified_gmt":"2023-04-10T19:31:11","slug":"12-days-of-phish-mas-a-festive-look-at-phishing-examples","status":"publish","type":"post","link":"https:\/\/www.thesslstore.com\/blog\/12-days-of-phish-mas-a-festive-look-at-phishing-examples\/","title":{"rendered":"12 Days of Phish-mas: A Festive Look at Phishing Examples"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\" id=\"h-the-holidays-are-synonymous-with-cold-weather-good-food-and-spending-time-with-family-but-for-cybercriminals-it-s-a-lucrative-time-of-the-year-for-phishing-attacks-we-ll-explore-more-than-a-dozen-phishing-examples-you-can-learn-from-to-avoid-falling-for-cyber-scams-in-the-2021-holiday-season-and-in-the-year-2022-to-come\">The holidays are synonymous with cold weather, good food, and spending time with family. But for cybercriminals, it\u2019s a lucrative time of the year for phishing attacks. We\u2019ll explore more than a dozen phishing examples you can learn from to avoid falling for cyber scams in the 2021 holiday season (and in the year 2022 to come)!<\/h2>\n\n\n\n<p>It\u2019s that time of the year: Christmas decorations can now be found virtually everywhere you go and holiday sales abound online. But this time of the year also has a dark side \u2014 it represents a great opportunity for cybercriminals to carry out phishing scams on unsuspecting holiday shoppers.<\/p>\n\n\n\n<p>According to <a href=\"https:\/\/blog.barracuda.com\/2020\/12\/18\/phishing-attacks-spike-just-before-the-holidays-are-you-prepared\/\">Barracuda<\/a>, the holidays are a time when phishing-related cybercrimes spike. 
Their data shows that in 2020, <a href=\"https:\/\/www.thesslstore.com\/blog\/spear-phishing-how-it-happens-why-you-may-be-at-risk\/\">spearphishing attacks<\/a> increased by more than 150% above average in the days leading up to Christmas and then those rates fell significantly following the holiday.<\/p>\n\n\n\n<p>But the reality is that phishing scams aren\u2019t limited to <em>just<\/em> the holiday season, and they&#8217;re not limited to targeting only shoppers. It\u2019s no surprise that cybercriminals love to use phishing scams as a way to take advantage of unsuspecting or cyber-ignorant users. As I discussed in a <a href=\"https:\/\/www.privateinternetaccess.com\/blog\/the-ssl-store-interview\/\">recent interview with PrivateInternetAccess.com<\/a>, cybercriminals love to focus on the \u201csoft\u201d targets within your business \u2014 people they can trick, coerce, or manipulate into making a big mistake (such as giving them your login information or making a fraudulent payment to them).<\/p>\n\n\n\n<p>But what are some common signs of <a href=\"https:\/\/www.thesslstore.com\/blog\/gone-phishing\/\">phishing<\/a>? We\u2019ll explore <a href=\"https:\/\/www.thesslstore.com\/blog\/phishing-email-examples-the-best-worst\/\">phishing email examples<\/a> and other common scams you\u2019re likely to receive via phone calls (<a href=\"https:\/\/www.thesslstore.com\/blog\/what-is-vishing-how-to-recognize-voice-phishing-phone-calls\/\">vishing<\/a>) and text messages (<a href=\"https:\/\/www.thesslstore.com\/blog\/what-is-smishing-definition-examples-protection-tips\/\">smishing<\/a>) long after the holiday season has passed. We\u2019re only going to share 1-2 examples for each topic because this article will otherwise get out of control very quickly. 
With all of this in mind\u2026<\/p>\n\n\n\n<p>Let\u2019s hash it out.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">On the First Day of Phish-mas, a Hacker Sent to Me\u2026 A Poorly Written Communication<\/h2>\n\n\n\n<p>The weather outside is frightful \u2014 and so are the grammar, spelling, and punctuation issues found in many phishing messages. Bad writing is one of the most obvious indicators of a phishing email or text; these scammers often don\u2019t speak English as a primary language. Even if they are native English speakers, they tend to not put much effort into creating these messages. In many cases, they can&#8217;t even be bothered to create content with consistent designs or colors.<\/p>\n\n\n\n<p>Sending out general phishing messages is largely a numbers game \u2014 it\u2019s about hitting as many targets as possible while expending the least amount of effort. 
If an attacker sends out a general phishing message to 10,000 users, a handful of people may fall for it and that number may be profitable enough to make their minimal effort worthwhile.<\/p>\n\n\n\n<p>Here\u2019s a look at an example of a poorly written email phishing message I recently received:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"963\" height=\"490\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/poorly-written-email-example.png\" alt=\"A screenshot of a poorly written phishing email that was received by The SSL Store\" class=\"wp-image-15241\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/poorly-written-email-example.png 963w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/poorly-written-email-example-300x153.png 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/poorly-written-email-example-768x391.png 768w\" sizes=\"auto, (max-width: 963px) 100vw, 963px\" \/><\/figure>\n\n\n\n<p>First, you\u2019ll probably notice the lack of Rackspace branding in the message. Next, you\u2019ll likely notice the apparent brain aneurysm they had while adding the mix of colors and typefaces to the message. Yeah, that\u2019s pretty hinky and definitely off-brand. But if all of that wasn\u2019t enough, you\u2019ll then probably notice the typos and use of non-ASCII characters. 
(Speaking of, look at that email subject line: Email IQ Upgrade&#8230; yup, cracked me up, too!)<\/p>\n\n\n\n<p>All of these things combined are sure to scream \u201cphishing scam email!\u201d But, of course, there are some other obvious issues here as well when you look at the message a little more closely:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"929\" height=\"472\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/poorly-written-email-example2.png\" alt=\"A screenshot of a poorly written phishing email that highlights the sender's &quot;from&quot; field information and an embedded phishing link (received by The SSL Store)\" class=\"wp-image-15242\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/poorly-written-email-example2.png 929w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/poorly-written-email-example2-300x152.png 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/poorly-written-email-example2-768x390.png 768w\" sizes=\"auto, (max-width: 929px) 100vw, 929px\" \/><\/figure>\n\n\n\n<p>One glaring giveaway is that they embedded a link to a blatantly phony phishing website. This clearly indicates that the message didn\u2019t come from Rackspace because, if it did, it would have included a link to Rackspace\u2019s official website.<\/p>\n\n\n\n<p>The cherry on top for me is that they made the interesting choice of sending the email to me <em>while pretending to be me<\/em>. However, they used an email address that clearly doesn\u2019t belong to me or The SSL Store. Umm\u2026 yeah. They didn\u2019t think I\u2019d realize that I wouldn\u2019t send an email like that to anyone, let alone myself? 
Yeah\u2026 SMH.<\/p>\n\n\n\n<p>But enough about that \u2014 let\u2019s quickly look at another example of a poorly written phishing email:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"960\" height=\"454\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/poorly-written-email-example3.png\" alt=\"A screenshot of a poorly written phishing email received by The SSL Store\" class=\"wp-image-15243\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/poorly-written-email-example3.png 960w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/poorly-written-email-example3-300x142.png 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/poorly-written-email-example3-768x363.png 768w\" sizes=\"auto, (max-width: 960px) 100vw, 960px\" \/><figcaption class=\"wp-element-caption\">Goodness \u2014 where do I begin? \u201cJose\u201d here seems very confused regarding\u2026 well, just about everything.<\/figcaption><\/figure>\n\n\n\n<ol class=\"wp-block-list\" type=\"1\">\n<li>The unsolicited email comes from an entirely unrelated email account. 
(The sender\u2019s display name is Jose, yet the email comes from a \u201csimon\u201d email address.)<\/li>\n\n\n\n<li>The message is trying to entice and coerce me into responding by promising millions of dollars.<\/li>\n\n\n\n<li>Typos, punctuation issues, and poor grammar abound in this phishing example email.<\/li>\n\n\n\n<li>Jose describes himself both as \u201cnot a jealous woman\u201d and a single father of three kids&#8230; <em>in the same sentence<\/em>!<\/li>\n<\/ol>\n\n\n\n<p>Forget the hippopotamus \u2014 this scammer should be hoping to receive a subscription to Grammarly for Christmas!<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-on-the-second-day-of-phish-mas-a-hacker-sent-to-me-2-phony-copyright-emails\">On the Second Day of Phish-mas, a Hacker Sent to Me\u2026 2 Phony Copyright Emails<\/h2>\n\n\n\n<p>Scammers love trying to find new ways to scam people and their activities aren\u2019t limited to just the holidays. In many cases, they\u2019re content to simply slap a new shade of lipstick on the same pig. Rather than reinventing the wheel by coming up with entirely new scams, they\u2019ll instead change up their storylines or tactics for old ones. One such example is the ongoing <a href=\"https:\/\/www.comparitech.com\/blog\/information-security\/copyright-infringement-scam\/\">copyright infringement scam<\/a>.<\/p>\n\n\n\n<p>This type of phishing scam involves an attacker sending you an email that falsely claims that you\u2019ve committed some type of copyright infringement by using one of their images without their permission. 
The goal here is typically one of two things:<\/p>\n\n\n\n<ol class=\"wp-block-list\" type=\"1\">\n<li>To trick you into clicking on a phishing or malicious link, or<\/li>\n\n\n\n<li>To get you to link to their fake website, which helps their scam site gain higher domain authority (i.e., better rankings on Google and other search engines).<\/li>\n<\/ol>\n\n\n\n<p>Let\u2019s take a quick peek at one such example I recently received:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"912\" height=\"670\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-scam-copyright-infringement.jpg\" alt=\"A screenshot of a copyright infringement notice phishing email that was received by The SSL Store\" class=\"wp-image-15244\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-scam-copyright-infringement.jpg 912w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-scam-copyright-infringement-300x220.jpg 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-scam-copyright-infringement-768x564.jpg 768w\" sizes=\"auto, (max-width: 912px) 100vw, 912px\" \/><\/figure>\n\n\n\n<p>In this phishing example, the threat actor poses as a copyright notice organization and claims that we\u2019ve used an image without their client\u2019s approval. But there are two key issues with this:<\/p>\n\n\n\n<ol class=\"wp-block-list\" type=\"1\">\n<li>Their vague email doesn\u2019t specify <em>which<\/em> image specifically we\u2019ve allegedly used \u2014 and their apparent remedy is for us to add a link to their site\u2019s home page as attribution to the unspecified image.<\/li>\n\n\n\n<li>Let\u2019s consider the links. The first link they include leads to the homepage of the described website, but the second link is a clear phishing link. 
If I click on it, it\u2019s possible that my device could become infected with malware.<\/li>\n<\/ol>\n\n\n\n<p>No, thanks. I\u2019m pretty sure our IT admin doesn\u2019t want to spend his holiday season wiping malware and fixing other issues that would be caused by me or any other employees who fall for such scams\u2026<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-on-the-third-day-of-phish-mas-a-hacker-sent-to-me-3-urgent-messages\">On the Third Day of Phish-mas, a Hacker Sent to Me\u2026 3 Urgent Messages<\/h2>\n\n\n\n<p>Urgent messages and phishing scams go together like coal and Santa\u2019s naughty list. Creating a sense of urgency, fear, panic, or excitement, or eliciting other emotional responses, is a tactic that\u2019s commonly used in <a href=\"https:\/\/www.thesslstore.com\/blog\/social-engineering-attacks-a-look-at-social-engineering-examples-in-action\/\">social engineering scams<\/a>. The idea here is that the attacker can do something to trick, provoke or coerce you into clicking on a phishing link, sending them sensitive information, or calling them on the phone.<\/p>\n\n\n\n<p>Let\u2019s take a quick look at a Microsoft subscription phishing email that one of my colleagues received:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"754\" height=\"809\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-urgent-microsoft-order.png\" alt=\"A screenshot of a fake urgent email invoice received by The SSL Store\" class=\"wp-image-15245\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-urgent-microsoft-order.png 754w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-urgent-microsoft-order-280x300.png 280w\" sizes=\"auto, (max-width: 754px) 100vw, 754px\" \/><\/figure>\n\n\n\n<p>The example above is an invoice phishing message that\u2019s designed to look like an 
official Microsoft message. However, unlike most of the phishing examples we share in this article, this one is a bit different in that these email scams typically turn into vishing scams as well.<\/p>\n\n\n\n<p>In this hybrid email \/ <a href=\"https:\/\/www.thesslstore.com\/blog\/hello-is-that-a-cybercriminal-a-look-at-vishing-attacks\/\">vishing attack<\/a>, the attacker uses urgent language to prompt you to call them right away, stating you only have 72 hours to request a refund.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"854\" height=\"442\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-urgent-microsoft-order2.png\" alt=\"Phishing examples: A close-up screenshot of a fake urgent email invoice received by The SSL Store\" class=\"wp-image-15246\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-urgent-microsoft-order2.png 854w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-urgent-microsoft-order2-300x155.png 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-urgent-microsoft-order2-768x397.png 768w\" sizes=\"auto, (max-width: 854px) 100vw, 854px\" \/><\/figure>\n\n\n\n<p>Why bother with the phone number? 
It\u2019s because they want to get you on the line so they can try to get you to do one of the following:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Make a payment over the phone,<\/li>\n\n\n\n<li>Share credit card, bank account, or personal information over the phone, or<\/li>\n\n\n\n<li>Direct you to download remote desktop software that gives them access to your device (and any networks and other devices it\u2019s connected to).<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-on-the-fourth-day-of-phish-mas-a-hacker-sent-to-me-4-malicious-attachments\">On the Fourth Day of Phish-mas, a Hacker Sent to Me\u2026 4 Malicious Attachments<\/h2>\n\n\n\n<p>Malicious email attachments are seemingly as plentiful as snowflakes in the winter. They\u2019re found everywhere and are just as annoying as snow when you\u2019re leaving for work and discover your freshly shoveled driveway has been snowplowed in.<\/p>\n\n\n\n<p>But unlike a snowplow, which creates a frustrating situation, malicious email attachments are dangerous and pose a threat to your data, device, network, customers and company as a whole. 
Let\u2019s consider the following example:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"873\" height=\"484\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/malicious-attachment-example.png\" alt=\"A screenshot of a malicious attachment in an email received by The SSL Store\" class=\"wp-image-15247\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/malicious-attachment-example.png 873w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/malicious-attachment-example-300x166.png 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/malicious-attachment-example-768x426.png 768w\" sizes=\"auto, (max-width: 873px) 100vw, 873px\" \/><\/figure>\n\n\n\n<p>In the phishing example above, I received a fake request for a quote that contains a potentially malicious Microsoft Office file attachment. Office files, including Word docs and Excel spreadsheets, are commonly used to spread malware and embedded phishing links via email. In fact, <a href=\"https:\/\/www.sonicwall.com\/news\/new-sonicwall-2020-research-shows-cyber-arms-race-at-tipping-point\/\">SonicWall\u2019s research<\/a> shows that weaponized Microsoft Office files increased 67% in 2020.<\/p>\n\n\n\n<p>What makes these file attachments potentially so dangerous? These attachments may install malware onto your device that can do everything from stealing your login or banking account information to encrypting your data and locking your device. 
Furthermore, businesses typically don\u2019t block these files because they\u2019re commonly used and shared by employees in their day-to-day jobs.<\/p>\n\n\n\n<p>As such, it\u2019s best to avoid these issues altogether by not engaging with any attachments in suspicious emails and by not opening unsolicited emails from unknown individuals in general.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-on-the-fifth-day-of-phish-mas-a-hacker-sent-to-me-5-links-to-phishing-websites\">On the Fifth Day of Phish-mas, a Hacker Sent to Me\u2026 5 Links to Phishing Websites<\/h2>\n\n\n\n<p>Here come phishing links, here come malicious links \u2014 we receive them every day! \u2026 Yes, I\u2019ve got so many different cybersecurity-themed parodies of Christmas carols and songs floating through my head right now that it\u2019s not even funny. Sorry.<\/p>\n\n\n\n<p>As you\u2019ll see with the following screenshots of phishing examples, there\u2019s typically a lot of overlap in email phishing examples in terms of certain attributes to look out for. 
For example:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Phishing emails frequently have mismatched or incorrect information in the \u201cFrom\u201d sender field.<\/li>\n\n\n\n<li>Many different types of phishing messages include links to phony websites or legitimate websites that have been hacked and are controlled by the attacker.<\/li>\n<\/ul>\n\n\n\n<p>With this in mind, let\u2019s explore the first of our two phishing examples of emails that tried to direct me to visit their highly suspect websites:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"863\" height=\"593\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-example-fake-invoice-urgent.jpg\" alt=\"A screenshot of a phishing link in an email received by The SSL Store\" class=\"wp-image-15248\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-example-fake-invoice-urgent.jpg 863w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-example-fake-invoice-urgent-300x206.jpg 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-example-fake-invoice-urgent-768x528.jpg 768w\" sizes=\"auto, (max-width: 863px) 100vw, 863px\" \/><\/figure>\n\n\n\n<p>The goal here is to get me to click on the \u201cDownload Attachment\u201d phishing link that\u2019s designed to look like a button. Doing so will take me to a site where the attacker will try to coerce me to log in so they can steal my credentials.<\/p>\n\n\n\n<p>This next example, shown below, is much the same. The email is designed to look like a Microsoft Office 365 message and provides a link under the guise of having important information for you to access. However, if you look at that URL, you\u2019ll quickly see how illegitimate it really is. 
I\u2019m quite certain that Office 365 wouldn\u2019t be using legitimate URLs that contain \u201cXXX\u201d in the web address\u2026&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"869\" height=\"517\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/malicious-link-example.png\" alt=\"Phishing examples: A screenshot of a phishing link in an email received by The SSL Store\" class=\"wp-image-15249\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/malicious-link-example.png 869w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/malicious-link-example-300x178.png 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/malicious-link-example-768x457.png 768w\" sizes=\"auto, (max-width: 869px) 100vw, 869px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-on-the-sixth-day-of-phish-mas-a-hacker-sent-to-me-6-requests-for-data\">On the Sixth Day of Phish-mas, a Hacker Sent to Me\u2026 6 Requests for Data<\/h2>\n\n\n\n<p>Cybercriminals love data and will do everything within their power to get their hands on it. And we can assure you \u2014 they\u2019re not looking for a Naughty and Nice list to become Santa\u2019s little helpers. Having access to your most sensitive data \u2014 login credentials, employee records, customer contact lists, intellectual property, personally identifiable information, etc. \u2014 gives them many reasons to celebrate.<\/p>\n\n\n\n<p>If you unknowingly send customers\u2019 or employees\u2019 personally identifying information (PII) to cybercriminals, the effects of that mistake can be felt for years to come in the form of:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Identity theft issues,<\/li>\n\n\n\n<li>Non-compliance fines and penalties,<\/li>\n\n\n\n<li>Lawsuits, and<\/li>\n\n\n\n<li>A spoiled reputation and brand image. 
<\/li>\n<\/ul>\n\n\n\n<p>Let\u2019s take a look at a phishing email that one of my colleagues received that requested her personal sensitive information:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"544\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-fake-beneficiary-1024x544.png\" alt=\"Phishing examples: A screenshot of a beneficiary email scam message received by The SSL Store\" class=\"wp-image-15250\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-fake-beneficiary-1024x544.png 1024w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-fake-beneficiary-300x159.png 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-fake-beneficiary-768x408.png 768w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-fake-beneficiary.png 1107w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>This is an email that\u2019s listed as coming from the Federal Reserve Bank Wisconsin Branch and contains a message saying that they\u2019ve been trying to get in touch with Marina about some money she\u2019s allegedly set to receive as someone\u2019s beneficiary. Hmm, promises of unexpected riches \u2014 definitely a big red flag.<\/p>\n\n\n\n<p>In the following screenshot, we can see that the message is sent from an email address that\u2019s clearly not part of the Federal Reserve Bank of Wisconsin. (It\u2019s a Gmail address belonging to someone whose name is Serah.) 
That\u2019s red flag number two.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"858\" height=\"139\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-fake-beneficiary2.png\" alt=\"phishing examples graphic: a close-up of the sender's email address information in a beneficiary scam that was received by The SSL Store\" class=\"wp-image-15252\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-fake-beneficiary2.png 858w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-fake-beneficiary2-300x49.png 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-fake-beneficiary2-768x124.png 768w\" sizes=\"auto, (max-width: 858px) 100vw, 858px\" \/><\/figure>\n\n\n\n<p>The contents of the unsolicited message are written to seem urgent, saying she\u2019s the beneficiary of millions of dollars since an unnamed customer died and left her the money. That\u2019s red flag number three.<\/p>\n\n\n\n<p>Next, the email states that they require her to share highly personal information \u2014 Marina&#8217;s name, age, contact information, and even a copy of her driver\u2019s license \u2014 in order for their institution to process the funds. 
BIG red flag number four.&nbsp;&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"791\" height=\"365\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-fake-beneficiary3.png\" alt=\"phishing examples graphic: a close-up of the types of data that were requested in this specific beneficiary scam that was received by The SSL Store\" class=\"wp-image-15253\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-fake-beneficiary3.png 791w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-fake-beneficiary3-300x138.png 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-fake-beneficiary3-768x354.png 768w\" sizes=\"auto, (max-width: 791px) 100vw, 791px\" \/><\/figure>\n\n\n\n<p>Finally, the email directs Marina to respond to a completely separate email address than the one that the email was sent from originally. The message even goes as far as to try to create a phony air of security \u2014 it states that if she receives a message from anyone else regarding the matter, the messages should be \u201cnullified and avoided immediately for security reasons.\u201d Red flag number five.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-on-the-seventh-day-of-phish-mas-a-hacker-sent-to-me-7-requests-for-payment\">On the Seventh Day of Phish-mas, a Hacker Sent to Me\u2026 7 Requests for Payment<\/h2>\n\n\n\n<p>Everyone loves a little extra green in their pockets during the holidays, and cybercriminals are no different. They want to scam people and companies out of as much money as they can while expending the least amount of energy possible. 
In some cases, this involves tricking people into making wire transfers for fraudulent transactions \u2014 in others, cybercriminals get users to purchase and provide the codes for pre-paid gift cards or get them to make other phony purchases on their behalf.<\/p>\n\n\n\n<p>Some requests for payment come in the form of fake invoices and account statements. Here\u2019s one such example that I received back in 2020:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"841\" height=\"820\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-fake-invoice.png\" alt=\"Phishing examples: A screenshot of a phishing invoice email received by The SSL Store\" class=\"wp-image-15254\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-fake-invoice.png 841w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-fake-invoice-300x293.png 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-fake-invoice-768x749.png 768w\" sizes=\"auto, (max-width: 841px) 100vw, 841px\" \/><\/figure>\n\n\n\n<p>\u2026 Yeah, I\u2019m pretty sure we don\u2019t have any \u201clogistics\u201d services rendered for us from a cargo-related corporation considering that we sell digital certificates. And, even if we did, I certainly wouldn\u2019t be the person handling paying said invoices!<\/p>\n\n\n\n<p>Needless to say, there are some other obvious giveaways that this is a phishing email \u2014 an unsolicited message containing a suspicious attachment, poor grammar, and a request for immediate payment. But at least with this email, they were consistent in representing themselves as this specific sea and air transport corporation. 
(They even bothered to send it from an email address that actually has \u201caccounting\u201d in it!)<\/p>\n\n\n\n<p>However, I\u2019m not falling for this obvious ruse, and neither should you. This is where flexing your critical thinking skills comes into play.<\/p>\n\n\n\n<p>Let\u2019s take a look at another email that one of my colleagues received \u2014 this one falls within the \u201cphony purchases\u201d category we mentioned earlier:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1006\" height=\"348\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/fake-purchase-request.png\" alt=\"Phishing examples: A screenshot of a  fake purchase request email received by The SSL Store\" class=\"wp-image-15255\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/fake-purchase-request.png 1006w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/fake-purchase-request-300x104.png 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/fake-purchase-request-768x266.png 768w\" sizes=\"auto, (max-width: 1006px) 100vw, 1006px\" \/><\/figure>\n\n\n\n<p>As you probably guessed, this guy definitely isn\u2019t Santa\u2019s little helper. This scam email is just one more message on our ever-growing list of phishing examples.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The SSL Store is a small business \u2014 everybody pretty much knows everyone else here.<\/li>\n\n\n\n<li>Since all employees receive cyber awareness training, they are aware of phishing scams like this where someone tries to pose as the CEO or another company executive. 
(More on that momentarily.)<\/li>\n\n\n\n<li>My colleague, Jacqueline, was able to quickly look at this email and know that it wasn\u2019t sent by Robert Walters.<\/li>\n\n\n\n<li>She also knew that there was no reason why someone in that position would have any expectation of her making purchases on behalf of the company.<\/li>\n<\/ul>\n\n\n\n<p>Nice try, poser. But none of us is taking the bait.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-on-the-eighth-day-of-phish-mas-a-hacker-sent-to-me-8-emails-from-your-boss\">On the Eighth Day of Phish-mas, a Hacker Sent to Me\u2026 8 Emails From Your Boss<\/h2>\n\n\n\n<p>This next topic on our list of phishing examples follows the last perfectly. It\u2019s quite common for phishing emails to be sent by someone impersonating an authority figure within your organization. This could be a middle-level manager, a C-suite executive, or even a board member. Regardless of which rank they try to pull, you must know what to look out for to avoid getting scammed.<\/p>\n\n\n\n<p>In the time since I started working here at The SSL Store, I\u2019ve received a multitude of phishing emails from schmucks who\u2019ve pretended to be everyone from the company\u2019s founder to its CEO and vice presidents. (By the way, this is known as <a href=\"https:\/\/www.knowbe4.com\/ceo-fraud\">CEO fraud<\/a>.) But what do these types of messages look like? 
Well, the truth is that these messages can actually span several of the categories we cover in this article.<\/p>\n\n\n\n<p>Let\u2019s quickly explore a phishing example that we haven\u2019t shared yet on Hashed Out:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"915\" height=\"494\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-ceo-fraud.png\" alt=\"Phishing examples: A screenshot of a CEO fraud email received by The SSL Store\" class=\"wp-image-15256\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-ceo-fraud.png 915w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-ceo-fraud-300x162.png 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-ceo-fraud-768x415.png 768w\" sizes=\"auto, (max-width: 915px) 100vw, 915px\" \/><\/figure>\n\n\n\n<p>The first thing to notice here is the email address. It\u2019s coming from an account with the name \u201cmarkrobinson,\u201d which clearly isn\u2019t the name of the person the email claims to be from, and it\u2019s also coming from a Gmail account. Gmail accounts are free, easy, and fast to create \u2014 three qualities that every cybercriminal finds very appealing.<\/p>\n\n\n\n<p>Second, the message is written with highly urgent language. (Look at the subject line.) Remember what we talked about earlier? It\u2019s all about instigating an emotional reaction from the email recipient so they\u2019ll do what\u2019s asked without pausing to ask if they should.<\/p>\n\n\n\n<p>The last thing to note is that the imposter is trying to direct me to provide my personal cell phone number to him. 
This is a big no-no because it can be used for a litany of purposes, including:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Sending me malicious links via SMS text message,<\/li>\n\n\n\n<li>Spoofing my legitimate phone number to try to phish one of my colleagues or family members, and<\/li>\n\n\n\n<li>Carrying out SIM swapping attacks, in which the attacker uses personal information they collect about me to try to gain access to my phone number through my cell phone provider.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-on-the-ninth-day-of-phish-mas-a-hacker-sent-to-me-9-hr-payroll-email-scams\">On the Ninth Day of Phish-mas, a Hacker Sent to Me\u2026 9 HR &amp; Payroll Email Scams<\/h2>\n\n\n\n<p>Poor Nellie. As you can imagine, our ever-jolly office manager receives <em>a lot<\/em> of these phishing messages. <a href=\"https:\/\/www.thesslstore.com\/blog\/payroll-fraud-a-growing-bec-threat-to-businesses-and-employees-alike\/\">Payroll fraud<\/a> and other related phishing scams typically target employees in accounting, payroll and human resources. As such, it\u2019s a good thing she knows what to look out for when it comes to recognizing phishing email scams.<\/p>\n\n\n\n<p>Nellie\u2019s also savvy enough to know that if she receives unsolicited email requests regarding changes to any employee\u2019s payroll information, she should reach out to the employee directly using other channels (such as by making a phone call or walking down the hall to speak to the person directly). She knows better than to respond to the suspected phishing email!<\/p>\n\n\n\n<p>But what does a payroll diversion scam email actually look like? 
Let\u2019s take a look at an old example email she received a while ago from someone pretending to be our vice president of sales:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"941\" height=\"336\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-payroll-fraud.png\" alt=\"Phishing examples: A screenshot of a fake direct deposit request change email received by The SSL Store\" class=\"wp-image-15257\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-payroll-fraud.png 941w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-payroll-fraud-300x107.png 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-payroll-fraud-768x274.png 768w\" sizes=\"auto, (max-width: 941px) 100vw, 941px\" \/><\/figure>\n\n\n\n<p>This type of email is designed to trick her into changing Kyle\u2019s <a href=\"https:\/\/www.thesslstore.com\/blog\/fbi-phishing-direct-deposit\/\">direct deposit<\/a> information to a phony account controlled by the attacker. However, the sender\u2019s email address, which starts with \u201ccf90910,\u201d is definitely not an email address for one of our vice presidents.<\/p>\n\n\n\n<p>Thankfully, Nellie\u2019s aware of these types of tricks and simply forwarded it to me as an example of the HR and payroll phishing emails people should look out for. If she hadn\u2019t known what to look out for, it\u2019s likely that she could have made the mistake of responding to the email directly. 
This would have resulted in a lot of problems for Kyle, Nellie, and our company as a whole.<\/p>\n\n\n\n<p>When you receive a questionable email, it\u2019s always best to reach out to the supposed sender directly through other channels to confirm the message\u2019s legitimacy.<\/p>\n\n\n\n<p>Of course, another favorite of mine was this email, which attempted to catch me off guard and scare me into clicking on the embedded link:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1002\" height=\"382\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-fake-firing-email.png\" alt=\"Phishing examples: A screenshot of a fake firing phishing email received by The SSL Store\" class=\"wp-image-15258\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-fake-firing-email.png 1002w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-fake-firing-email-300x114.png 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-fake-firing-email-768x293.png 768w\" sizes=\"auto, (max-width: 1002px) 100vw, 1002px\" \/><\/figure>\n\n\n\n<p>Okay, there are <em>so many things<\/em> wrong here:<\/p>\n\n\n\n<ol class=\"wp-block-list\" type=\"1\">\n<li>The email comes from an unknown name that doesn\u2019t match the sender\u2019s email address.<\/li>\n\n\n\n<li>No self-respecting company would fire an employee this way. 
The SSL Store <em>definitely<\/em> wouldn\u2019t do it this way!<\/li>\n\n\n\n<li>It\u2019s full of poorly written text that doesn\u2019t even get the name of our company right and is signed \u201cKayla Wood Head Office Notification.\u201d \u2026 Say, what?<\/li>\n\n\n\n<li>The embedded link goes to a bit.ly URL that, when expanded out, would take me to an equally fake website.<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-on-the-10th-day-of-phish-mas-a-hacker-sent-to-me-10-romance-scam-outreaches\">On the 10th Day of Phish-mas, a Hacker Sent to Me\u2026 10 Romance Scam Outreaches<\/h2>\n\n\n\n<p>It\u2019s hard to be in a holly-jolly mood knowing that <a href=\"https:\/\/www.fbi.gov\/scams-and-safety\/common-scams-and-crimes\/romance-scams\">romance scams<\/a> are affecting people around the world at this very moment. While these scams aren\u2019t new, they\u2019re among the worst (in my book) because they target vulnerable individuals in the most personal ways possible to exploit their emotions and steal their savings.<\/p>\n\n\n\n<p>The <a href=\"https:\/\/www.ic3.gov\/Media\/PDF\/AnnualReport\/2020_IC3Report.pdf\">FBI\u2019s Internet Crime Complaint Center (IC3) reports<\/a> that <strong>more than $600 million<\/strong> was reported lost by 23,751 victims of confidence fraud\/romance scams in 2020 alone. Now, keep in mind that this estimate only includes <em>reported<\/em> incidents and doesn\u2019t include the undoubtedly countless others that went unreported because the victims were unaware that they were being scammed or were too embarrassed to report the crimes.<\/p>\n\n\n\n<p>Romance scams vary but generally involve the following:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>A cybercriminal targets someone who\u2019s recently single, widowed, or otherwise lonely<\/strong>. The idea here is that because they may be emotionally vulnerable, they\u2019re easier to exploit. 
These phishing messages typically arrive via email, text message, and social media outreach.<\/li>\n\n\n\n<li><strong>A bad guy pretends to be a prospective romantic interest<\/strong>. Here, the attacker might pose as a prospective suitor to win over the victim\u2019s trust and to isolate them from their legitimate friends and family. They also may pretend to have incriminating or private information about the victim that they can use as blackmail.<\/li>\n\n\n\n<li><strong>An attacker pretends to be a friend or relative of the victim<\/strong>. While posing as the friend or relative, the attacker will reach out (typically via email, phone call or text message) to say that they\u2019re in some type of emergency situation and need immediate financial help from the victim.<\/li>\n<\/ul>\n\n\n\n<p>So, what does one of these phishing messages look like? Here\u2019s an example from ScamWatch at the Australian Competition &amp; Consumer Commission (ACCC):<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"813\" height=\"722\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-romance-fraud.jpg\" alt=\"A screenshot of a relationship scam message from ScamWatch Australia\" class=\"wp-image-15259\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-romance-fraud.jpg 813w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-romance-fraud-300x266.jpg 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-romance-fraud-768x682.jpg 768w\" sizes=\"auto, (max-width: 813px) 100vw, 813px\" \/><figcaption class=\"wp-element-caption\">Image source: <a href=\"https:\/\/www.scamwatch.gov.au\/types-of-scams\/dating-romance\">Australian Competition &amp; Consumer Commission (ACCC)<\/a>. 
(To view this image on the ACCC website, you have to click the \u201cExample to chat privately\u201d link in the insert section of the page.)<\/figcaption><\/figure>\n\n\n\n<p>Now, imagine if someone used one of these scams to get one of your employees to send them company money or to provide access to secure company resources. All hell would break loose, and your organization and customers would be the ones left paying the price as a result.<\/p>\n\n\n\n<p>Needless to say, someone definitely should be getting far worse than coal in their stocking for sending these types of phishing messages\u2026<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-on-the-11th-day-of-phish-mas-a-hacker-sent-to-me-11-extortion-emails\">On the 11th Day of Phish-mas, a Hacker Sent to Me\u2026 11 Extortion Emails<\/h2>\n\n\n\n<p>For cybercriminals, nothing brings out the holiday spirit and festive cheer quite like extortion. Many <a href=\"https:\/\/www.thesslstore.com\/blog\/bitcoin-phishing-the-n1ghtm4r3-emails\/\">Bitcoin phishing extortion scams<\/a>, for example, involve cybercriminals demanding crypto payments in exchange for not sending allegedly incriminating or embarrassing information, photos or video footage of you to your employer, friends, and family members.<\/p>\n\n\n\n<p>Other extortion scams involve a bad guy demanding that your employee do something bad as a way to keep the attacker from spilling the damaging information. One example would be targeting a cell phone provider employee to get them to carry out SIM swapping by porting legitimate customers\u2019 phone numbers to devices controlled by the cybercriminal.<\/p>\n\n\n\n<p>But how do they achieve this? 
A few examples of cyber extortion scams include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Saying they\u2019ve exploited some kind of vulnerability that gave them access to your device\u2019s browser history, camera, and\/or microphone.<\/li>\n\n\n\n<li>Claiming they have video recording(s) of you doing inappropriate things (such as visiting child pornographic websites).<\/li>\n\n\n\n<li>Saying they have other allegedly incriminating information about you that you can\u2019t risk becoming known publicly.<\/li>\n<\/ul>\n\n\n\n<p>Now, mind you, these scams are typically hogwash because they\u2019re targeting a bunch of users at once with the hope that at least one of them is secretly being naughty and doesn\u2019t want to get caught. However, all it takes is one frightened employee who doesn\u2019t want to risk their secret getting out for your organization or customers to become compromised.<\/p>\n\n\n\n<p>Here\u2019s one such example that one of my former colleagues received a while ago:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"923\" height=\"565\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-email-extortion-scam.png\" alt=\"A screenshot of an extortion email received by The SSL Store\" class=\"wp-image-15260\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-email-extortion-scam.png 923w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-email-extortion-scam-300x184.png 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-email-extortion-scam-768x470.png 768w\" sizes=\"auto, (max-width: 923px) 100vw, 923px\" \/><\/figure>\n\n\n\n<p>In this case, the attacker claims to have exploited the Zoom zero-day vulnerability that was all over the news around that time. 
They claim to have used that exploit to gain access to your Zoom app, where they recorded you doing naughty things \u2014 and if you fail to hand over $2,000 in Bitcoin, they\u2019re going to share the footage with everyone you know.<\/p>\n\n\n\n<p>&#8230; Ho, ho, ho, indeed.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-on-the-12th-day-of-phish-mas-a-hacker-sent-to-me-12-requests-to-access-resources\">On the 12th Day of Phish-mas, a Hacker Sent to Me\u2026 12 Requests to Access Resources<\/h2>\n\n\n\n<p>Alright, it\u2019s time to wrap up this list of not-so-merry phishing examples. This type of phishing scam is one of the most brazen. It involves an attacker trying to trick or manipulate you into giving them direct access to your device, secure resources, or organization\u2019s IT systems.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>If you give them access to secure resources (such as databases, web apps, admin portals and drives), then they can use that access to alter, steal or delete your most sensitive data.<\/li>\n\n\n\n<li>If they gain access to your device, they can then use that access as a foothold on your organization\u2019s network.<\/li>\n\n\n\n<li>Lastly, if they gain access to your network, then they can use it to search for misconfigurations and other vulnerabilities they can exploit.<\/li>\n<\/ul>\n\n\n\n<p>So, what do these phony requests for access look like? 
Here\u2019s a quick example:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"962\" height=\"388\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-request-for-access.png\" alt=\"A fake phishing email example, created by The SSL Store\" class=\"wp-image-15261\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-request-for-access.png 962w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-request-for-access-300x121.png 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-request-for-access-768x310.png 768w\" sizes=\"auto, (max-width: 962px) 100vw, 962px\" \/><\/figure>\n\n\n\n<p><em>(<strong>Note:<\/strong> The screenshots above and below are not real phishing emails. I created both of these phishing example images for the purpose of this educational article.)<\/em><\/p>\n\n\n\n<p>At a quick glance, it looks like it could be an email from my director. 
However, the email address clearly gives it away because:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>It\u2019s not his work email address (which wouldn\u2019t be a Gmail account), and<\/li>\n\n\n\n<li>He\u2019d never ask me for this type of sensitive information because he knows it\u2019s a security risk.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"981\" height=\"395\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-request-for-access2.png\" alt=\"A fake phishing email example, created by The SSL Store\" class=\"wp-image-15262\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-request-for-access2.png 981w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-request-for-access2-300x121.png 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-request-for-access2-768x309.png 768w\" sizes=\"auto, (max-width: 981px) 100vw, 981px\" \/><\/figure>\n\n\n\n<p>In this type of situation, I know the best thing to do would be to reach out to him directly through another trusted method (regardless of the email statement saying not to call him). 
Adam and I both know that I\u2019d 100% need to confirm this type of request directly and would never simply hand over such secret information in response to such an unexpected (and urgent) email request.<\/p>\n\n\n\n<p>Every employee helps to form your company\u2019s strongest or weakest line of defense \u2014 the difference often boils down to whether they have the cyber security awareness to recognize and avoid phishing scams and other cyber threats.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-final-thoughts-on-the-12-days-of-phish-mas-phishing-examples\">Final Thoughts on the 12 Days of Phish-Mas Phishing Examples<\/h2>\n\n\n\n<p>We hope you\u2019ve found this article enlightening and useful in terms of learning what phishing scams look like, so you know what to avoid in the future.<\/p>\n\n\n\n<p>Data security and online safety rely on people being aware of different types of threats and scam tactics. If you don\u2019t know what you don\u2019t know, how can you help keep yourself, your company, or your customers and data safe from cybercriminals? Simply put, you can\u2019t. This is why it\u2019s essential to invest the time, energy, and focus in educating yourself and your employees so they know how to recognize and respond to phishing attempts.<\/p>\n\n\n\n<p>Furthermore, have the right tools and resources in place to help make the process easier. For example, use email signing certificates within your organization to ensure that your team is sending digitally signed, verifiable emails. 
Using these certificates means that a sender needs access to that user\u2019s device and email client to send a signed message in their name.<\/p>\n\n\n\n<p>Here are some additional resources that you may find useful:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>An <a href=\"https:\/\/mxtoolbox.com\/EmailHeaders.aspx\">email header analyzer<\/a> tool<\/li>\n\n\n\n<li>A <a href=\"https:\/\/www.virustotal.com\/gui\/home\/url\">URL and\/or File Analyzer<\/a> tool<\/li>\n\n\n\n<li>Our article on <a href=\"https:\/\/www.thesslstore.com\/blog\/5-ways-to-determine-if-a-website-is-fake-fraudulent-or-a-scam\/\">5 Ways to Determine If a Website Is Fake, Fraudulent or a Scam<\/a><\/li>\n\n\n\n<li>FTC\u2019s website on <a href=\"https:\/\/www.consumer.ftc.gov\/articles\/how-recognize-and-avoid-phishing-scams\">How to Recognize and Avoid Phishing Scams<\/a><\/li>\n\n\n\n<li>Google and Jigsaw\u2019s <a href=\"https:\/\/phishingquiz.withgoogle.com\/\">Phishing Quiz<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>The holidays are synonymous with cold weather, good food, and spending time with family. But for cybercriminals, it\u2019s a lucrative time of the year for phishing attacks. 
We\u2019ll explore more&#8230;<\/p>\n","protected":false},"author":17,"featured_media":15264,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":"","tve_updated_post":"","tve_custom_css":"","tve_user_custom_css":"","tve_globals":{},"tcb2_ready":0,"tcb_editor_enabled":0,"tve_landing_page":"","_tve_header":"","_tve_footer":""},"categories":[13107,16],"tags":[166,13147],"class_list":["post-15239","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-beyond-hashed-out","category-hashing-out-cyber-security","tag-phishing","tag-phishing-examples","post-with-tags"],"views":9833,"jetpack_featured_media_url":"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/12\/phishing-examples-12-days-of-phish-mas.jpg","_links":{"self":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/15239","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/comments?post=15239"}],"version-history":[{"count":0,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/15239\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media\/15264"}],"wp:attachment":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media?parent=15239"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/categories?post=15239"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/tags?post=15239"}],"curies":[{"name":"wp","href"
:"https:\/\/api.w.org\/{rel}","templated":true}]}}