Email phishing tactics revealed

Scams exist.  That is the simple truth: there are honest people, and then there are others who try to cheat.  Email and the technology age make scamming easier.  Often these emails promise jobs or an irresistible offer, but sometimes they are more subtle than that.  This article analyzes the types of email phishing traipsing around the World Wide Web so that, armed with the knowledge of email phishing attacks, you can avoid them in the future.

Job Scams

The first type of phishing I will look at is the job scam.  These scams come in three flavors: first the money mule, second the pyramid scheme, and finally the stolen goods mule.

Money Mule:

The life of a money mule begins simply enough.  An email arrives, often unsolicited, that asks whether or not you would like to change careers, receive copious amounts of money, and work unsupervised.  Who wouldn't want that?  The job ads might call this position a payment processing manager, fund manager, transaction processing agent, or some other legitimate sounding name.  Those who accept the position are instructed to transfer funds from one account to another, in the meantime gaining a percentage on the amount transferred.  It seems like an easy job with more than adequate compensation so what's the catch?

If you read the fine print you will see that this is just a basic money-laundering scheme.  These money transfers the person engages in are illegal since the funds transferred are stolen.  Those who participate could be fined or jailed.  In the best case scenario, participating in such a scheme, even unknowingly, could result in a freezing of the victim's account, while investigations go on.

There is another variation you should be aware of.  Instead of transferring money over the wire some scams may ask you to deposit checks and then wire money elsewhere.  The check will arrive in the mail and you go to cash it taking your promised percentage.  The problem happens when the check bounces and the bank deducts the money from your account along with a fine after you have already wired the money elsewhere.

Pyramid schemes

A pyramid scheme is much like the old chain letters people received when the post office was the en vogue form of communication.  The way this scheme works is simple and very identifiable.  One person begins at the top of the pyramid and recruits a few other people to "invest" some amount of money, say $100, into the initial investor.  These new recruits go out and recruit more people, who recruit more people, thus promulgating the scam further.  The fraud comes in when people closer to the bottom of the pyramid cannot recruit enough people to pay off those who are a level above them, thus losing money.  There are many types of pyramid schemes that have similar motives and results: invest in order to see a profit, but there is nothing tangible to invest in.  Other similar schemes are called Ponzi schemes, chain letters, and multilevel marketing.

Stolen Goods Mule:

Stolen goods phishing schemes are similar to the money mule scam as they are a way for people to launder goods.  Emails for these positions will describe a position for a fake company that needs someone to send products out to customers.  Victims are told that the company will be ordering the products from another source when they are purchased through their web site.  Those who accept such positions will be asked for their address where goods will be shipped.  They are expected to forward the shipments to other addresses.  These shipments are either outright stolen or purchased with a stolen credit card.

These companies also like to trade in information.  They find that the personal information of individual people is worth quite a bit.  To get this information out of a potential victim, they disguise their requests as legitimate inquiries.  However, once they have obtained the information they will sell it to whoever will pay.

Irresistible Offer:

The second type of phishing message is the irresistible offer.  Here is the ultimate dream held by many Americans: Get rich quick.  In this type of phishing, this dream of getting rich quick is exploited by informing you of your good fortune and how to make the dream come true.  Take, for example, an email from Williams and Williams Probate division saying you've inherited $1 million from your distant relative in the UK.  Elated and overtaken with joy at your good fortune, you are asked to provide bank and other personal information so that the money can be wired to your account.  As you wait for the money to arrive the attackers drain your account instead.

Spear Phishing:

Another form of phishing is called spear phishing.  This method utilizes messages that look like they come from a company you do business with like eBay, PayPal, Amazon, Facebook, etc.  Spear phishing messages provide you with a link to what appears to be the site and they ask you to log in or to update your password.  After you have authenticated, albeit to an improper source, they have access to your account via the information provided to them when a username and password are entered into the false website.  You should beware of any message asking you to log in or change a password.  This type of phishing is why companies often state that they will not ask for account information via email.

Whale Phishing:

The last form of phishing I will look at is called whale phishing.  Whale phishing is a specific attack against an individual with wealth or access to valuable assets or information.  Think of con movies, such as Ocean's Eleven, and what these movies define as a whale.  They like to think of whales as high rollers, people with copious assets.  The casinos recognize these people and often set them up with fabulous suites and fantastic food, free of charge.  The idea is that these rich people will gamble away much more than the room or food cost the casino.  This concept of high rollers can be translated into the world of phishing.  One example of whale phishing is an attack on an executive where supposedly the US Court wanted subpoena records.  These emails are customized for the individual so they often look credible.  The executive was directed to click on a link, and by doing so inadvertently installed malware that would spy on the computer and report back to the phishers.

Awareness of such attacks is increasing but the mere fact that the average user still receives so much spam means that it must be paying off for someone.  Don't be the one who gets burned.  Educate your employees on the risks.


There are steps that can be taken in order to safeguard yourself against potential malfeasance.  First, always pay attention to the website you are visiting.  Oftentimes, phishers will set up a mirror site that looks exactly like the site you want to see.  Always be skeptical and go to the website directly rather than clicking on any link provided in an email.  Be wary of hyperlinks within emails and remember that banks will not ask for personal information via email.  Installing anti-spam software from a reputable source will greatly diminish your vulnerability to an attack.  Finally, if something phishy does occur to any one of your accounts, change your password and secret questions.

Scamming happens; that is a simple fact.  Today I looked at multiple ways that a person could get burnt, ranging from spear phishing to a money mule.  In any case the best defense is a proactive one.  Pay attention to your financials, and always protect your personal information.  Be cautious about any offer that seems too good to be true.  Follow these steps and the job of sifting out what is potentially dangerous versus what is benign becomes much easier.