Welcome to the most prestigious event in the world of cyber trickery: the first annual Avast Phishing Awards! Join us as we unveil the most noteworthy, side-eye-inducing, and downright dubious email headlines that made this such a year to remember.
2023 has been filled with many ups, downs, and scams. As we navigate the treacherous waters of the digital realm, let’s take a moment and make note of the tactics behind the phishing emails that graced millions of inboxes across the country this year. In some cases, they gave us a good chuckle. But others are actually well-constructed attacks that have tricked many into falling victim to fraud. Enjoy our list, and be better prepared to spot and avoid these attacks in the future.
The Urgency Unleashed Award goes to…
“ACTION REQUIRED! Verify your account info”
Our opening act is a classic. Like many of the nominees on this list, this type of phishing falls into the category of social engineering, where the scammer leans into the art of human manipulation. In this case, they use a common tactic known as “calling for urgency.”
They made the message seem important so that you would notice it immediately and not think twice about handing over your personal info or clicking a spoofed link. This headline takes home a Phishing Award because it’s smart–but you’re smarter! Always avoid suspicious links and attachments and be skeptical of messages that want you to act right away or suffer the consequences.
The Impersonation Excellence Award goes to…
“HR: Please update W4 for file”
Oh no. Sounds like you’re in some trouble at work. You may want to hurry up and click the link in that email to resolve the issue—or at least that’s what the scammer who used this headline wants you to think. Let’s all put our cursors together for this clever (yet avoidable) spear phishing attempt.
Spear phishing is a type of attack in which a cybercriminal targets a specific individual in order to gain access to sensitive information. In other words, they may know where you work and could use that info to pose as a trusted source and lure you into handing over sensitive information or clicking a malicious attachment. This wouldn't be an award show without a Best Actor, and this headline is up there with the best impersonations. But you can prevent falling for it by always carefully checking sender addresses for subtle spelling changes and verifying hyperlinks by hovering over the URL.
The Love Lure Award goes to…
"💋I’ve been searching for you"
Love is in the air, or so this phishing attempt would have you believe. Mixing romance and cybercrime, this headline is like a bad rom-com you never signed up for. This romance scam is meant to catch your attention, but mostly leaves us chuckling and rolling our eyes. This is one of the oldest and cheesiest phishing attempts in the book, right up there with the Nigerian Prince, but it’s still worth an award for its dedication to the role alone! Besides, there is a reason it’s still around today–sometimes it works.
In most cases, the scammer is hoping to make a connection and gain your trust with the promise of romance before eventually asking for money to help them with an emergency or difficult situation, promising to pay you back. Avoid falling for it by always being on your guard when chatting with someone you’ve never met in person. Oh, and always remember that Prince/Princess Charming won’t come knocking with shady requests and sketchy links.
The Subscription Scare Tactic Award goes to…
“Your membership has expired! Payment Declined”
Subscription-based drama takes the stage! This headline takes a stab at our streaming enjoyment, threatening to cut us off from our beloved shows. For many, when our services are supposedly cut off, panic mode is activated. That’s why this form of phishing is so successful and worthy of mention. These tricksters will pose as a legitimate streaming company, saying that there is an issue with your account and that your most recent payment didn’t go through, hoping that you will click the embedded link.
In some cases, especially during the peak of the shopping season, you may receive an email claiming to be from a company you recognize to trick you. The best way to avoid falling for this scare tactic is to stay vigilant and cast a critical eye over every email that lands in your inbox. You should never provide passwords, login details, or financial data to someone by phone, text, or email—even if the request looks legit.
The Cyber Espionage Award goes to…
"We’ve been watching your webcam"
For the grand finale, a performance that rivals the best spy thrillers. This headline claims someone has been watching you through your webcam, adding a dash of blackmail to spice things up. They may threaten you, saying that they have explicit photos or videos of you and that you need to pay up to keep your privacy safe. This is an email-based scam known as sextortion. They prey on your fear of insecurity and the prospect of embarrassment, hoping that you’ll pay up quickly rather than taking the risk of exposure.
If you ever find yourself in this situation, don’t panic! Before you consider paying hush money, remember that these are often empty threats.
It’s important to remember that these awards are no symbol of praise. Phishing emails do not deserve celebration. However, making a little fun of them can help disarm the scammers that send them. As we bid adieu to the antics of 2023, let's remember to always stay sharp, and stay informed on the latest scams that could wind up in our inboxes.
Cheers, and have a Happy New Year!