A vast quantity of phishing emails get sent every day, trying to convince their recipients to click or open an attachment, some messages definitely stand out from the crowd.
Some of these are outstanding and very difficult to distinguish from legitimate emails. Some of them, on the other hand, are such failures that there is hardly any chance for them to be taken seriously. Since the aim of phishing is to get the sender to click on a link or open a file, some hackers are really less talented than the others.
As a part of our security awareness activities, we can't resist the urge to share some of the worst phishing emails we have received. We tried to guess what the author must be like.
This hacker was not really paying attention when he created his sender's name and he misspelt the word 'Apple'. Not very smart. And a pity, since he had taken great care to produce a convincing-looking piece of work.
Spelling mistake again!... See what happens when a hacker is too hasty! Nobody believes him anymore. Too bad, as the rest of the email was rather good.
The content of the email was included in a picture mimicking the email's body. It was meant to make it more attractive for the reader. Unfortunately, the (junior?) hacker forgot to check if the image was displaying correctly before he sent the message. A shame, as it is unlikely that the recipient will click on a empty area.
We still haven't understood the meaning of this mysterious message, nor the motivations of the sender. What was he looking for? What did he want? Are we in a parallel universe? So many questions, so few answers... But there again, it seems unlikely that the recipient will click.
Wow, a message from Heaven! The hacker does not seem to suffer from an inferiority complex, but maybe he would have been more credible if he had aimed lower...
This hacker did not even try to use a gmail address matching the supposed sender's name, even though it would have been easy to do so. He obviously also had S-ome L-a-Y-out problems. Beginner's nerves ?
The sender wanted to make a good impression. Don't they say a picture is worth a thousand words ? A logo is certainly good for credibility. It might however have been better to retain the original proportions.
This hacker prefers keeping the message clean and simple : four lines, four ideas. But he is betrayed by his email address. And, of course, the recipient of such a message would be well advised not to open the attached file, which is certainly contaminated.
This hacker is totally uninhibited. Although he tries to pass as Swisscom, he does not bother to cover up his e-mail address or that of the clickable link, both of which have nothing in common with the Swiss operator. The chances are slim that the recipient will fall for this.
Slav hackers sometimes have a hard time sending phishing emails, as Cyrillic fonts do not always convert smoothly to Western European encoding. This often betrays them, as you can see below.
'Get noticed', that's the hackers' motto ! A message written in capital letters is a very good way to raise awareness, as it will look both urgent and important. Spelling? Actual meaning? Who cares?
A message from the Warren Buffet Foundation, sent from a Russian email address? Why not? Google translate might however not be the best tool to elaborate a credible altruistic message.
Nothing extra here, the hackers goes straight to the point. He wants the recipient to open the attachment, and his message is exactly five words long. There is however no relation between the sender, the message title and the name of the attachment, which is not very incitative.
Again, the hacker seems to think that a logo will generate immediate trust. As a result, he does not even try to make the email look legitimate: the logo is distorted, and both the sender's email address and the clickable link have nothing to do with Apple.
The hacker wanted to cast a wide net and reach both Apple and Microsoft users in one single phishing email. You won't see it anywhere else: a message supposedly coming from Apple includes a Microsoft logo in the footer. Convincing ? Yeah, sure...