Common Phishing & Malware Attempts to Look Out For 


The Internet has certainly changed the way people do business.

On the other hand, it’s also made it easier for people to steal information, install malware, or worse.

There are many different types of phishing and malware attempts that can be harmful to your device or website, but not all of them are easy to spot right away.

Whether they come in through a form on your website or go straight to your inbox, the following emails should be deleted immediately and NEVER clicked on:

1. Viagra scams

Viagra scams are probably the most common and obvious spam or malware attempt. You can’t help but laugh at them. These emails usually just contain a few bad links to “get Viagra without a prescription.” 

Clicking on these links can install malware or spyware that tracks your web surfing habits and keystrokes, picking up your credit card numbers, passwords, and other important information.

2. Nigerian royalty

Another common and hilarious phishing attempt is the classic Nigerian prince email.

These emails contain a story from some alleged Nigerian “royalty” about how they’re in trouble, whether it’s with their bank or not being able to leave Nigeria until a “minor issue” is settled.

In the end, the “prince” will ask you to deposit money into his bank account because he needs help getting out of a jam. Naturally, this is all just another attempt to steal your information or install malware on your computer.

3. Copyright infringement notices

Have you ever received an email from a so-called “photographer” claiming that you’re wrongfully using their copyrighted images on your site? 

If you’ve never seen or heard of this attempt before, it can be hard to detect at first glance. Naturally, your first instinct will be to click the attached link to see which photos you’re “infringing the copyright” on, but this is just a ploy to get you to download malware.

Here is an example of a fake copyright infringement notice that one of our clients received last month:

[Image: malware example]

4. Requests from your boss

One of the key components in spam and malware is finding people who will immediately trust what they’re seeing. These days, spammers can spoof email addresses, meaning that they can impersonate your boss and send you messages from what looks like your boss’s email address.

One of the easiest malware attacks to fall for works by mimicking a coworker or someone with authority over you. In some cases, these messages come from a fake email address that is similar to that of someone you work with, but off by a character or two.

It may look something like this:

I need you to finish this task by tomorrow morning… It’s very important.

Please open the attached file to get further instructions. Thank you!

-[insert your boss’s name here]

If you receive an email similar to the above, your best bet is to call up your boss or walk into their office and double-check with them to make sure it’s a legitimate email. Otherwise, you risk putting your company in jeopardy by installing malware or spyware onto your computer.
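Addresses that are off by a character or two, as described above, can also be flagged automatically before anyone reads the message. The following is an added example, not part of the original article: it compares a From header against a staff directory, and the directory, addresses, and function names are all constructed for illustration.

```python
from email.utils import parseaddr

# Constructed staff directory (assumption): display name -> real address.
DIRECTORY = {
    "Dana Whitfield": "dana.whitfield@example-corp.com",
    "Luis Ortega": "luis.ortega@example-corp.com",
}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # drop ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def classify_sender(from_header: str, max_typos: int = 2) -> str:
    """Classify a From header against the directory."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    known = [a.lower() for a in DIRECTORY.values()]
    if addr in known:
        # Not proof of authenticity: a From header can be forged, so this
        # result still depends on the mail server's SPF/DKIM/DMARC verdict.
        return "exact-match"
    if any(edit_distance(addr, k) <= max_typos for k in known):
        return "lookalike"        # off by a character or two
    if name.strip().lower() in (n.lower() for n in DIRECTORY):
        return "name-mismatch"    # coworker's name on an unrelated address
    return "unknown"

# Constructed sample headers, not taken from real mail.
SAMPLES = [
    "Dana Whitfield <dana.whitfield@example-corp.com>",
    "Dana Whitfield <dana.whitfie1d@example-corp.com>",
    "Luis Ortega <luis.ortega@examp1e-c0rp.com>",
    "Dana Whitfield <dw.office@freemail.example>",
    "Newsletter <news@vendor.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):14} {header}")
```

A "lookalike" or "name-mismatch" result is a reason to verify by phone or in person before opening any attachment.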

5. Life insurance payouts

Not all phishing attempts will ask you for money. Some will actually offer you money.

Another common phishing scheme involves fake life insurance payouts for someone who has died (usually a friend or family member of yours).

These messages are often very vague about how they got your contact information, and they may even try to establish a connection between the two of you.

Here is an example of one we received last month via fax:

Dear Jarett T Rodriguez,

My name is George Coleman JD; I am a partner at Crawford Law Firm, Canada.

It may surprise you to receive this letter from me, since there has been no previous correspondence between us. There is an unclaimed “permanent life insurance policy” held by our deceased client.

The transaction pertains to an unclaimed “Payable-on-Death” (“POD”) savings monetary deposit in the sum of Thirteen Million Thirty Thousand United States Dollars ($13,030,000) with a Reputable Bank. The policy holder was one of our clients, Mr. Alan T Rodriguez , who worked with Energy Company in Canada. He died in an accident in Toronto Canada, Nine years ago. Since His death no one has come forward for the claim and all our efforts to locate His relatives have proved unsuccessful.

The insurance company code stipulates that “insured permanent policies” not claimed must be turned over to the abandoned property division of the state after 10 years.

Therefore, I ask for your consent to be in partnership with me for the claim of this policy benefit, in view of the fact that you share the same last name and nationality with the deceased. If you permit me to add your name to the policy, all proceeds will be processed on your behalf. I wish to point out that I want 10% of this money to be shared among charity organizations while the remaining 90% will be shared between us.

This is 100% risk free; I do have all necessary documentation to expedite the process in a highly professional and confidential manner. I will provide all the relevant documents to substantiate your claim as the beneficiary. This claim requires a high level of confidentiality and it may take up to thirty (30) business days, from the date of receipt of your consent. Kindly provide a reachable contact number, for faster communication.

In most cases, these messages are just trying to get financial information out of you by making up some kind of lie or scam. Even if they don’t ask for any information from you, the best thing you can do is delete it without responding.

6. Blackmail/Extortion

One of the most dangerous kinds of phishing attack is the kind that demands money in exchange for not releasing private information about you.

These messages often threaten to release sensitive or personal information of yours, like your social security number, pictures, credit card number, or passwords, if you don’t meet their demands.

Here is an example:

I have got a video of you recorded without your knowledge. It was not fun to set up the camera in your living room and record you, but now I have something that will be worth it.

If you want me to erase this video from my computer, then send me $500 via Western Union (to avoid any paper trails).

Again, the best thing to do is just delete this message and not respond. If you feel like it might be a real threat, call your local police department instead of sending money or giving out personal information over email.

These days, scammers are becoming more advanced, bypassing email systems and heading straight for your web forms. 

Fortunately, modern software is smarter. 

Akismet checks your comments and contact form submissions against a global database of spam. It eliminates notifications for spammy contact form submissions, and it prevents open comment fields on your site from publishing malicious content.

At Bizzuka, we implemented this software on our own Contact Us forms and noticed a 90% reduction in spam submissions. Since then, we’ve begun offering Akismet spam control as an add-on for our clients. Contact us today to learn more about how we protect our websites against spam!