Real examples of fake emails

From: Get Cyber Safe

Follow:

PDF 192.5 KB

  • Transcript

    It's important that you're aware of these signs and are watching out for them in all your online activity. If you encounter these signs, here's a few things to do:

    • Don't ignore them.
    • Never click on suspicious links or respond to scam emails.
    • If you're unsure of something, go to the source directly. For example, if an email says you've missed a payment on your Netflix account, call the phone number on Netflix's official website to check.
    • Report scams to involved companies that allow you to do so.
    • Take an extra five minutes to verify something is legitimate. It takes less time than recovering stolen data or fixing a virus-infected device.

    Scam email #1: Contest winner

    To: mike221@hotmail.com

    From: iphone@jyjsk.jhsssjs.com

    Subject: Winner!!!!! (3 celebration emojis)

    Body of email: Congratulations Mike221!!!

    You've won a free iphone 11 based on your answers in a survey you completed a time ago

    We just need you to confirm your identity withing 24 hours or your prize will go to another participant.

    Ones again, congratulations!!!

    Have a great day.

    Thanks you. (end of example)

    1. Sent from a strange email address (in this example, iphone@jyjsk.jhsssjs.com).
    2. Refers to you by your email, not your name (in this example, Mike 221).
    3. Makes vague references, no specifics mentioned (in this example, "a survey you completed a time ago").
    4. Has obvious typos and misspellings (in this example "withing" instead of "within", "ones" instead of "once", and "thanks you" instead of "thank you").
    5. Pressures you to respond with more info (in this example, says "your prize will go to another participant").

    Scam email #2: Payment info

    New message

    From: netflix3456453435456433@netfIix.com

    Subject: Account payments (in all caps)

    Body of email: (Netflix logo)

    Payment declined

    Hi,

    Unfortunately, your latest pre-authorized payment for your Netflix account has been declined. Another attempt will be made within 24-48 hours.

    Please update your payment information so that you are able to continue enjoying your Netflix account.

    Update payment (in all caps)

    If you have any questions please contact the Help Centre

    - From your friends at Netflix (end of example)

    1. Sent from an email address that looks a little funny but still contains a familiar word (netflix3456453435456433@netfIix.com). If you look closely the L in the email domain is actually a capital "I".
    2. Uses strong wording and bold lettering to make it seem urgent and important (in this example, subject "Account payments" in all caps, and "payment declined").
    3. Colour of the logo is slightly lighter and pixelated.
    4. Uses a very friendly tone (in this example, greets you with "hi", uses words like "unfortunately", "please", and signs off "from your friends at Netflix").
    5. Presses you to respond within a certain time (in this example, 24-48 hours).
    6. Presents links disguised as an official looking button (in this example, "update payment").

    Scam email #3: Order misplaced

    New message

    From: Amazon13131213@Amαzon.ca

    Subject: Your action is needed

    Body of email: (Amazon logo)

    Sorry, we seem to have misplaced your Amazon order.

    Don't worry, we're ready to help find it and get it back to you as soon as possible.

    All we need is for you to click on the button and fill out your information so we can get your order back to you.

    We will also throw in an Amazon gift card as an apology.

    Recover your Amazon order and receive your gift card here: Receive gift card

    Thank you for choosing Amazon and sorry for any inconvenience.

    Amazon recovery team (end of example)

    1. Uses the official company logo as the header to trick you into not looking too closely at the message.
    2. Uses a spoofed email address (Amazon13131213@Amαzon.ca). It looks legitimate but has a subtle but different character - α - inserted in the email domain.
    3. Pushing you to take action (in this example, "All we need is for you to click on the button and fill out your information").
    4. Uses a friendly or apologetic tone to make it seem like they want to help you (in this example, saying "Sorry" and "Don't worry").
    5. Offers you a prize for cooperating (in this example, offering an "Amazon gift card").
    6. Uses a professional signature to seem legitimate (in this example, "Amazon recovery team")

Related Links

Phishing: Don't get reeled in
The 7 red flags of phishing
What is phishing?
Three common types of phishing scams
Signs of a phishing campaign: How to keep yourself safe
Spoofing: An introduction
Start making cyber security a part of your online life
How older adults can protect themselves from the most common cyber security thr…
Report a problem on this page

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, please contact us.

Date modified: