“A Friendly Warning”: Phishing Emails Posing as Alerts

Updated: August 28, 2024
Written by: Maxime Cartier

Cybercriminals are at it again with a clever new tactic to trick people into giving up their information. In an unexpected twist, they're sending emails warning you about phishing attacks.

What's the story behind this sneaky approach? How can you ensure that you don't get caught in the net?

This new tactic might trick even those familiar with phishing strategies

We're used to getting phishing emails that attempt to steal our personal information. How about getting an email that looks legitimate and warns you about the dangers of phishing?

The message may seem helpful, telling you to protect your account or check your information to stay safe from malicious actors. But here’s the catch: this email is part of a phishing campaign.

This method is clever because it's so simple. It appears to be a friendly warning from a source you can trust. This new, subtle tactic could trick even people familiar with common phishing strategies. Occasionally, these campaigns are clone phishes that use duplicates of legitimate emails from trusted companies to increase credibility.

[Image: Nordea clone phish warning users of phishing scams]

Protecting yourself from fake phishing alerts

These misleading phishing alerts may appear to come from real, trustworthy companies. It’s important to stay vigilant with emails, even when they seem to be from sources you recognize.

Here are our three tips for protecting yourself:

1) Pay close attention to the sender’s email address and try to spot any anomalies

For instance, would you notice the difference between dhl.com and dhI.com? The second one swaps the lowercase "l" for a capital "I". When it comes to phishing, the devil’s often in the details!

2) Do a little detective work before clicking

Hover your mouse over the link to reveal the real URL it leads to—but remember, no clicking!

3) Genuine organizations rarely ask for your personal information, like passwords or social security numbers, over email.
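
Tips 1 and 2 can also be checked automatically in a mail triage script. The sketch below is an added example, not Hoxhunt's code: it flags sender domains that imitate a trusted one (as dhI.com imitates dhl.com) and links whose visible text names a different host than the real destination. The trusted list, the confusables map and the sample header and link are constructed assumptions.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"dhl.com"}  # assumption: sender domains you actually expect
# Constructed, deliberately small confusables map (not a full homoglyph table).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("I", "l"), ("1", "l"), ("0", "o")]
SAMPLE_FROM = "DHL Security <alerts@dhI.com>"  # constructed From header
SAMPLE_HTML = '<a href="https://login.example.net/verify">https://www.dhl.com/secure</a>'  # constructed

def skeleton(domain):  # collapse visually similar characters
    for src, dst in CONFUSABLES:
        domain = domain.replace(src, dst)
    return domain.lower()

def classify_sender(from_header):
    """Tip 1: 'trusted', 'lookalike' (imitates a trusted domain) or 'unknown'."""
    domain = parseaddr(from_header)[1].rpartition("@")[2]
    if domain.lower() in TRUSTED:
        return "trusted"
    hit = skeleton(domain) in {skeleton(t) for t in TRUSTED}
    return "lookalike" if hit else "unknown"

class LinkCollector(HTMLParser):  # collects (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def mismatched_links(html):  # tip 2: text shows one host, href goes to another
    parser = LinkCollector()
    parser.feed(html)
    flagged = []
    for href, text in parser.links:
        shown = re.search(r"([a-z0-9-]+\.)+[a-z]{2,}", text, re.I)
        host = (urlparse(href).hostname or "").lower()
        if shown and shown.group(0).lower() != host:
            flagged.append((text, host))
    return flagged
```

The sender check matches the trusted list exactly, so a subdomain of a trusted domain is reported as unknown rather than trusted.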

Keeping up with the sly moves of cyber attackers is a crucial part of staying cyber-safe. To learn more about the latest threats and how to spot them, subscribe to Hoxhunt’s weekly Threat Feed below.
