8 Phishing E-messages And Why You Will Be Frauded (Or Not)

Srdjan Kali


Sep 12, 2019

A collection of phishing emails offered by one chief information security officer provides insight into how the practice evolves. This allows for better identification and prevention of phishing.

Security teams are constantly trying to stay one step ahead of phishing emails. What hooks do the senders use? Whom are they targeting? What strings do they pull to get people to click on malicious links? One way to gain that insight is to study the emails that scammers send. Gary Hayslip, Chief Information Security Officer (CISO) at cybersecurity firm Webroot, has been collecting phishing email samples for the past four years, ever since he was chief of security for the city of San Diego. "I began to notice that the spam I was receiving was no longer the usual 'prince of Nigeria, please respond'. Instead, some of these scammers did research on claims departments or on specific managers, so emails were tailored to them," he says. "I thought you were interesting and I started keeping copies. Sometimes you see some really weird things."

These emails became a valuable research tool, especially after Hayslip realized that other information security chiefs were collecting them too. Another information security chief would send him a phishing email received in their organization, and they would compare notes. "I could tell them, 'yes, we got something similar 18 months ago and it comes back again.'"

He adds that knowing what changes, say the senders or the way a sense of urgency is created, allows him and his colleagues to better identify and block variations of a phishing campaign. Having that record on hand is also good training material for his staff. Hayslip also emphasizes the need to educate employees about phishing hazards. "I believe it is important to reiterate that our employees must be educated, and the security professionals themselves must be educated about these threats. They will not disappear, they will improve and they will continue to influence organizations." That training is important because, Hayslip notes, criminals are becoming much more targeted with their phishing campaigns. "They target specific groups they know everything about, or target specific people and the e-mail is written according to them." That relevance to the recipient makes a phishing email a lot more destructive if it succeeds, either in terms of harm to the network or in the size of the financial damage, for example by getting an executive administrative assistant to approve a large fake payment.

Below are eight phishing emails collected by Hayslip. He evaluates why they are effective or why they are not, and what marks each of them as fraudulent.

 

Examples of phishing emails:

 

1. Your account has been hacked

The person who sent this phishing email found a group email address that is publicly available on Webroot's website. Using that address to target the list was crafty. The content of the message isn't quite as crafty, with lines like "It's useless to change your password, my malware intercepts it every time." "When you see a message like this, it's someone who doesn't really understand how malware works," Hayslip says. "Professional cybercriminals don't say that. There's a way they speak, and they are very professional about their tools and how they describe things. I immediately knew this was bad." Hayslip thinks that the sender of this email probably bought the phishing tool online without understanding how it works. The bragging is just an attempt to scare the recipient into taking the requested action.

 

2. A charitable donation for you.

"This has been fun! I've seen several versions of it. 'We're giving it a gift! Just contact us and we'll do our best to keep you on the list,'" Hayslip says. This is a common template in which the sender only has to change the names. The link, of course, sends the victim to a malicious site. Here, the fraudster counts on the greed (and gullibility) of the recipient. "Social engineering attacks are so widespread, and so successful, due to human nature, whether it is curiosity, greed or fear," says Hayslip. do something."

 

3. You've added a new email address to your PayPal account

This is a common seasonal phishing campaign that occurs from November to January, when people shop for the holidays. It also appears in March and April during the tax return season. "The reason these campaigns work is that people buy online, and if they don't think right, they'll think, 'That's right, I was shopping for my wife last night on Amazon and one seller wanted me to use PayPal. I'll check that out,'" says Hayslip. However, when they stop to look at the email, it is obviously not really from PayPal. The email address is obviously not from the PayPal domain, and the language and tone of the message are also a big signal. "That: 'Let us know right away'! I have real warnings from PayPal and they are not in this format. They are more formal and will have no links but phone numbers to contact," Hayslip says.

 

4. Change your password for ADP service

This was a successful phishing campaign, as several employees clicked the link to reset their password. The attacker obviously knew that the company was using ADP (Automatic Data Processing), and he knew which group within the organization could have signed up for ADP accounts. In one case, the HR department received an email saying the victim's bank account information had changed. The attacker was counting on the victim not immediately realizing that ADP does not contact account holders this way, Hayslip says. It was so effective that the company had to determine everyone who had received this email so it could delete the message and its malicious link from their mailboxes. "Because of the four or five people who clicked on the link, we had to quickly shut everything down and make sure everyone changed their passwords." This type of attack would be less successful if all employees were aware that ADP would not contact them directly to take this type of action. ADP would first contact the Human Resources Department, which would then notify employees.

 

5. The FBI's Department of Counter-Terrorism and Monetary Crimes

You can classify this approach as "let's throw a bunch of stuff against the wall in one email and see what sticks." However, the result is something so obviously wrong that it would almost "The guy who sent this to me was laughing," Hayslip says. "I'm on the InfraGard board, so I contact the FBI almost daily," Hayslip says. "When I saw this, I immediately" The FBI would have nothing to do with the UK National Lottery. The letter would indicate the total amount of the fund in US dollars. The email address is obviously false and the greeting "Attn. Email Owner" doesn't make sense given the nature of the message. The FBI's official email would also be formatted differently. "There are specific ways the FBI creates its signature block. At the end of each email, they have a privacy warning," says Hayslip. This is an attempt to exploit the greed of a potential victim, with the FBI mentioned so that the message is taken more seriously. "The content of the email itself ultimately kills the whole thing. It looks like several emails that have been cut and glued together," Hayslip says.

 

6. Microsoft is researching you and your family voicemail

About 400 Webroot employees received this voicemail message. "A bunch of people are crazy about this," Hayslip says. The number of recipients and the fact that a voice synthesizer was used were clear signs that the messages were false. This was the first phishing attack on the company to use voicemail. Subsequently, the company received other phishing attempts by voicemail, seemingly from Microsoft or the IRS (tax office), and the perpetrators got better at it. "The message is getting tougher," Hayslip says, but they all still use a speech synthesizer. "They weren't really effective. What we are waiting for is for criminals to start using artificial intelligence so voicemail sounds like it is a real human being. Then we will have problems," he says. Education is key to fighting this type of phishing. "If Microsoft sues your company for licensing problems, they will not leave such voicemail," Hayslip says. "They will send their lawyers." Similarly, the tax service would send notifications by mail, not voicemails, to anyone who might be in trouble.


 

7. Bank of Ireland Payout Request for GoDaddy

This email has enough information specific to the target company that even savvy recipients would pause. "We use GoDaddy, so people wondered, 'Are we late for an account?'" Hayslip says. "We have an office in Dublin, so the important question we asked was: 'Do we have any accounts that use the Irish Bank?' We also dealt with claims. All the replies were negative." Here, too, the phishing attempt counts on recipients being unaware of what processes their company really uses. "I've never seen GoDaddy send a strike through a bank. Usually, GoDaddy just sends you an email saying, 'Hey, it's time to rebuild,'" Hayslip says. While Hayslip's team was checking the legitimacy of the email with different departments, they also opened the link. "That's when we found out it was malware."

 

8. Pay the balance on your Amazon seller account

This message was sent to Hayslip's deputy chief of information security, who is not a seller through Amazon. This made it easy to see that it was an attempt at phishing, even if the recipient had not been an experienced security professional. Even if the recipient were a seller through Amazon, the message does not resemble any official payment communication between Amazon and its sellers. "I saw what the process of selling through Amazon looks like, and it's much more than a little email saying 'hey, you owe us some money,'" Hayslip says. A real Amazon message would be more formal and include their logo. "would give anything with links. Instead, they tell you, 'Here's the date and time we work. Here are our phone numbers. Here's where you can contact us.' Then you need to contact them," Hayslip says. "So these types of emails immediately raise the alarm because they don't follow the methodology that marketers typically use."
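
Several of the tells Hayslip describes can be checked mechanically when triaging reported mail: a sender address outside the brand's domain (example 3), links that point away from the brand where genuine notices give phone numbers (examples 3 and 8), and "let us know right away" urgency. The Python below is an added example, not part of the original article; the brand-to-domain map, the urgency phrases and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed brand -> sender-domain map, for illustration only; maintain your own.
BRAND_DOMAINS = {"paypal": {"paypal.com"}, "amazon": {"amazon.com"}, "adp": {"adp.com"}}
URGENCY = re.compile(r"right away|immediately|urgent", re.I)  # assumed phrases
URL = re.compile(r"https?://[^\s<>]+", re.I)

def in_domains(host, domains):
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(raw):
    """Return (indicator, detail) pairs; From is unauthenticated, so these are hints."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2].lower()
    body = "\n".join(p.get_payload(decode=True).decode("utf-8", "replace")
                     for p in msg.walk() if p.get_content_maintype() == "text")
    claimed = f"{name} {msg.get('Subject', '')} {body}"
    hits = []
    for brand, domains in BRAND_DOMAINS.items():
        if not re.search(rf"\b{brand}\b", claimed, re.I):
            continue  # the message does not invoke this brand
        if not in_domains(sender_host, domains):
            hits.append(("sender_domain", sender_host))
        for url in URL.findall(body):
            host = urlparse(url).hostname or ""  # hostname is already lowercased
            if not in_domains(host, domains):
                hits.append(("link_host", host))
    if urgent := URGENCY.search(body):
        hits.append(("urgency", urgent.group(0).lower()))
    return hits

# Constructed samples on the reserved .example TLD, modelled on example 3.
PHISH = """\
From: PayPal Service <service@paypa1-alerts.example>
Subject: You've added a new email address to your PayPal account

If this was not you, let us know right away: http://paypa1-alerts.example/confirm
"""
FORMAL = """\
From: PayPal <service@paypal.com>
Subject: Change to your PayPal account

An email address was added. To dispute this, call the number on your statement.
"""
if __name__ == "__main__":
    print(triage(PHISH), triage(FORMAL))
```

An empty result is not a clean bill of health: the From header can be forged, so these hints belong alongside SPF, DKIM and DMARC results rather than in place of them.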
