An email phishing scam is a type of cyber attack where scammers send fraudulent emails to trick individuals into revealing sensitive information, such as passwords, credit card numbers, or personal details. These emails often appear to be from legitimate sources such as well-known companies, banks or government agencies, and typically contain urgent requests for the recipient to click on a link or provide information.
An estimated 3.4 billion phishing emails are sent every day. While it’s impossible to keep up with all of them, here are the latest email phishing scams to watch out for in 2024.
Common email spear phishing scams in 2024
Phishing scams are becoming harder to spot as cybercriminals use persuasive psychological tactics to manipulate their victims into acting fast to avoid consequences such as account suspensions and fines.
Unlike generic phishing attacks that cast a wide net to capture as many victims as possible, spear phishing is highly targeted. The attacker tailors their message based on detailed information about the target, which they gather from various sources like social media profiles, company websites, and previous communications.
Here are some of the most common email spear phishing attempts you need to look out for.
HMRC scam email
An HMRC scam email is a common tactic used by cybercriminals to trick individuals into providing personal information or making payments. These emails often claim to be from the UK’s tax authority (HMRC) and may threaten legal action if the recipient does not comply with their demands. They may ask for sensitive information such as bank details, email addresses and passwords.
HMRC will never ask for personal information or payment details via email. If you receive a suspicious HMRC email, do not click links or provide information. Instead, contact HMRC directly through their website or phone number to validate the legitimacy of the email.
Below is an example of what a spear phishing email from HMRC might look like.
Email:
Dear [user’s name],
You have an outstanding tax refund from 2023 to 2024.
Follow the instructions on [phishing site URL] to claim your tax refund.
Complete the steps carefully to ensure that the information is correct and we can refund you in 3-5 working days.
End
If you suspect an HMRC spear phishing email attempt, you must report it and forward the email to [email protected]
LinkedIn emails
LinkedIn is one of the most imitated brands globally. Phishing emails use LinkedIn as a cover because LinkedIn emails have the highest open rates among social media mail. Criminals will try to impersonate LinkedIn in a wide variety of creative ways to obtain your personal information. Below is an example of what a LinkedIn phishing email could look like.
Email:
Dear [user’s name],
We are currently in the process of upgrading our server to enhance the performance of our platform. As a result of this upgrade, temporary limitations have been applied to your LinkedIn account.
To regain full access and effectively connect with professionals worldwide, please click on the link below to update your account and remove the temporary hold.
[phishing site URL]
We are sorry for the inconvenience
Regards,
2024, LinkedIn Corporation
End
If you suspect a LinkedIn spear phishing email attempt, you must report it and forward the email to [email protected]
PayPal scam email
PayPal scam emails are another common tactic used by cybercriminals to trick individuals into giving away their personal and financial information. These emails often appear to be from PayPal, claiming that there is an issue with your account that needs to be resolved urgently. Please remember that PayPal will never ask you to provide sensitive information via email. Below is an example of what a spear phishing email from PayPal could look like.
Email:
Dear PayPal customer,
Your PayPal account is limited. You have 24 hours to resolve the issue before your account is permanently disabled.
We are sorry to announce that you no longer have access to PayPal’s benefits like purchasing, and sending and receiving money.
Why is my PayPal account limited?
We believe your account is in danger from unauthorised users.
Confirm your information below.
[phishing site URL]
End
If you suspect a PayPal spear phishing email attempt, you must report it and forward the email to [email protected]
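The warning signs shared by the sample emails above (time pressure, account threats, refund lures, requests to confirm details, and links that do not belong to the brand named in the message) can be checked automatically. The following is an added example, not part of the original article; the brand-to-domain table and the .example links are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Assumption: the registrable domains each brand really uses for links.
OFFICIAL = {"hmrc": "gov.uk", "linkedin": "linkedin.com", "paypal": "paypal.com"}

# Pressure and lure cues drawn from the sample emails in this article.
CUES = {
    "deadline": r"\b\d+\s*(hours?|days?)\b|\burgent(ly)?\b",
    "account_threat": r"\b(limited|limitations|disabled|temporary hold)\b",
    "money_lure": r"\btax refund\b",
    "data_request": r"\b(confirm|update) your (information|account)\b",
}

def on_domain(host, domain):
    # Suffix match on a label boundary, so "paypal.com.evil.example" fails.
    return host == domain or host.endswith("." + domain)

def triage(message):
    """Return the list of warning signs found in a plain-text email."""
    text = message.lower()
    findings = [name for name, rx in CUES.items() if re.search(rx, text)]
    brands = [b for b in OFFICIAL if b in text]
    for url in re.findall(r"https?://[^\s<>\"']+", message):
        host = (urlparse(url).hostname or "").lower()
        for brand in brands:
            if not on_domain(host, OFFICIAL[brand]):
                findings.append(f"off_brand_link:{brand}:{host}")
    return findings

# Constructed samples: the article's wording with made-up .example links.
PAYPAL_SCAM = """Dear PayPal customer,
Your PayPal account is limited. You have 24 hours to resolve the issue
before your account is permanently disabled.
Confirm your information below.
http://paypal.com.account-check.example/confirm"""

HMRC_SCAM = """From: HMRC Refunds
You have an outstanding tax refund from 2023 to 2024.
Follow the instructions on http://hmrc-refund.example/claim to claim it."""

GENUINE = """Hello, here is your PayPal receipt.
View it at https://www.paypal.com/activity"""

if __name__ == "__main__":
    for name in ("PAYPAL_SCAM", "HMRC_SCAM", "GENUINE"):
        print(name, triage(globals()[name]))
```

The link check compares whole domain labels, so a host that merely starts with or contains the brand's domain is still flagged.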
Headline Phishing Statistics
It is important to be vigilant regarding emails asking for personal information or login credentials. Phishing attacks can happen to anyone at any time. Here is what the most recent phishing statistics show:
- Phishing is the most common form of cybercrime, with an estimated 3.4 billion spam emails sent every day
- Millennials and Gen-Z internet users are most likely to fall victim to phishing attacks
- 83% of UK businesses that suffered a cyber attack in 2022 reported the attack type as phishing
- The average cost of a data breach against an organisation is more than $4 million
- One whaling attack costs a business $47 million
The impact of phishing attacks is long-lasting and often has devastating financial effects.
What should you do if you’ve been phished?
If you suspect that you have been phished, follow these steps immediately:
1) Do Not Panic: Stay calm and proceed systematically to mitigate the damage.
2) Disconnect from the Internet: If you have clicked on a suspicious link or downloaded a malicious attachment, disconnect your device from the internet to prevent further damage or data exfiltration.
3) Change Passwords: Change your passwords for the affected accounts and any other accounts that use the same or similar passwords. Use strong, unique passwords for each account.
4) Enable Two-Factor Authentication (2FA): If available, enable 2FA on all your accounts to add an extra layer of security.
5) Notify Relevant Parties:
- IT Department: If the phishing occurred on a work device or account, inform your IT department immediately
- Relevant Authorities: NCSC at [email protected] and Action Fraud at actionfraud.police.uk
- Bank and Credit Card Companies: If financial information was compromised, contact your bank and credit card companies to monitor and protect your accounts
- Email Service Provider: Notify your email service provider to help secure your email account
6) Scan Your Device for Malware: Use up-to-date antivirus software to perform a full scan of your device to detect and remove any malware that may have been installed.
Cybersecurity Services
Staying proactive and vigilant is the key to avoiding and fending off cyber-attack attempts.
Our cybersecurity services are here to keep your business network as safe as possible. We have over 20 years of experience in cybersecurity and network security solutions.
We are also Cyber Essentials Plus and ISO 27001 certified. Call us on 01482 628800 or email [email protected] for more information on cybersecurity.