Top 10 Phishing Scams
Learn more about Phishing Scams and how to avoid being a target
Phishing emails pose as messages from legitimate organizations and carry a link to a convincingly genuine-looking spoof site that harvests whatever you enter there: credentials, account details and other personal information. Some also carry worms that use the compromised account to spread further across the web. Here are the ten most notorious phishing scams ever to land in a user's inbox or browser:
1. Wells Fargo and Bank of America Scam: Masterminded by Kenneth Joseph Lucas, Nichole Michelle Merzi, and Jonathan Preston Clark, this multi-million-dollar money laundering scheme that required the assistance of Egyptian syndicate members was among the biggest phishing schemes in history to be busted by the FBI.
2. PayPal Scam: Any PayPal email requesting confirmation or validation from you, followed by a link to the spoofed site, should be ignored. This is a particularly notorious spam email because, despite PayPal's best efforts to stop its spread, it has continued to make the rounds to this day. An early iteration of this email even carried the "Mimail" worm.
3. Comerica Web Bank Scam: A Comerica-branded email offering an SSL certificate update, often with the added pressure of a claim that the update will expire within five days. Variations include a news-item version and a downloadable-link version. It uses all the phishing techniques described below, and its subject line is the most common phishing subject header to date next to the PayPal example.
4. Public Posting of Email Credentials Scam: This 2009 scam was among the more peculiar ones. It harvested credentials and account information from users of providers such as Hotmail, Gmail, Yahoo, and AOL, and the scammers then posted the information publicly on PasteBin, which effectively compromised every one of the victimized accounts.
5. Phishing Virus Combo Scam: A 2004 virus combined phishing and malware in one frightening package. It turned hundreds of legitimate sites into hacker-controlled botnets that stole the credit card numbers, usernames, passwords, account details, and other personal data of anyone who visited them, much like a spoofed phishing site would.
6. URL Spoofing Scam: Phishers developed a DNS poisoning technique that replaces the fake URL in the victim's address bar with the address of the site being impersonated, making it far harder to tell a spoofed site from the real one.
7. Account Verification Scam: In February 2004, phishing scams became considerably more sophisticated. Phishing sites gained a feature that submits the captured data to the real site to check whether it is valid; if the information does not produce a successful login, the victim is prompted to enter their credentials once more.
8. Legitimate Site Redirect Scam: To convince victims that the site they have visited is legitimate, the spoofed site redirects the user back to the real site after capturing their data, leaving the victim none the wiser about the bait-and-switch that has just occurred.
9. Fake Login Box Scam: Standard issue in phishing scams today, this technique cropped up as early as December 2003. A fake login pop-up box collects the credentials the scammer needs while the real financial website loads in the background.
10. Domain Name Buyout Scam: In September 2003, fraudsters started learning from the mistakes of their early efforts in producing phishing scams. In order to make their links a lot more sophisticated and legitimate-looking, they began registering dozens of look-alike domain names such as yahoo-finances.com, microsoft.verification.com, and ebay-billing.com.
Phishing has become the Internet's most notorious and pervasive email scam to date. For all intents and purposes, it is the modern-day equivalent of the "sting" con game because of its distinctive modus operandi.
Always be very critical before you click links in emails. As a rule, if you do not know the target site for the link, do not click it.
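One way to put that rule into practice, as an added example that is not part of this page: a small Python script that pulls the links out of an email's HTML body and flags two of the tricks in the list above, display text that shows one address while the href goes somewhere else, and look-alike hostnames such as ebay-billing.com or microsoft.verification.com that contain a brand name but do not belong to the brand's real domain. The brand allow-list, the sample email body and the function names are constructed for this example; the registrable-domain helper is a deliberately crude last-two-labels heuristic, not a public suffix list lookup.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical allow-list of legitimate domains per brand (constructed for this example).
KNOWN_BRANDS = {
    "paypal": {"paypal.com"},
    "ebay": {"ebay.com"},
    "yahoo": {"yahoo.com"},
    "microsoft": {"microsoft.com"},
}

# Constructed sample email body containing two look-alike links and one genuine link.
SAMPLE_EMAIL_HTML = """
<p>Please confirm your account:</p>
<a href="http://ebay-billing.com/verify">https://www.ebay.com/signin</a><br>
<a href="http://microsoft.verification.com/login">Sign in</a><br>
<a href="https://www.paypal.com/help">PayPal Help Center</a>
"""


class _AnchorCollector(HTMLParser):
    """Collects (href, visible text) pairs from every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Crude heuristic: keep the last two labels (a real tool would use the public suffix list)."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def classify_link(href, text):
    """Return a list of human-readable reasons the link looks deceptive (empty if none)."""
    reasons = []
    host = (urlparse(href).hostname or "").lower()
    dom = registrable_domain(host)

    # Check 1: display text that looks like a URL but whose domain differs from the href.
    shown = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", text.lower())
    if shown and registrable_domain(shown.group(1)) != dom:
        reasons.append(f"display text shows {shown.group(1)} but href goes to {host}")

    # Check 2: a brand name appears in the hostname, but the registrable domain
    # is not one the brand actually owns (ebay-billing.com, microsoft.verification.com).
    for brand, legit in KNOWN_BRANDS.items():
        if brand in host and dom not in legit:
            reasons.append(f"'{brand}' appears in {host} but registrable domain is {dom}")
    return reasons


def audit_html(html):
    """Return [(href, text, reasons), ...] for every anchor in the HTML body."""
    collector = _AnchorCollector()
    collector.feed(html)
    return [(href, text, classify_link(href, text)) for href, text in collector.links]


if __name__ == "__main__":
    for href, text, reasons in audit_html(SAMPLE_EMAIL_HTML):
        verdict = "SUSPICIOUS" if reasons else "ok"
        print(f"{verdict:10} {href!r} shown as {text!r}")
        for r in reasons:
            print(f"           - {r}")
```

Running it on the constructed body flags the first two links and passes the PayPal one. The same checks can be applied to the `text/html` part of a real message obtained with Python's `email` module, and the allow-list would in practice be the set of domains your organization actually does business with.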