Security awareness

Nine Major Phishing Attacks of 2018 (and How to Spot Them)

Howard Poston
September 18, 2018 by
Howard Poston

Phishing attacks are the most common type of cyberattack for good reason: because they work. If an attacker can convince you to click on a link in a phishing email and enter your credentials, it saves them a lot of trouble hacking into a network and cracking passwords.

The details of phishing scams change from year to year, depending on the pretexts that social engineers can use to convince you to click on a link or open an attachment. Here, we will discuss phishing email examples from some of the top phishing schemes of 2018.

Two year's worth of NIST-aligned training

Two year's worth of NIST-aligned training

Deliver a comprehensive security awareness program using this series' 1- or 2-year program plans.

1. Account Verification

One of the most common types of personal phishing emails targets users’ accounts on common social media or vendor sites. You’ll receive an email that appears to be coming from a major company (such as Facebook, Apple, Netflix or Amazon) stating that some issue exists with your account and that you need to sign in to correct it. Links within the email take you to a website that masquerades as that company’s legitimate site and asks for your login credentials. As a result, an attacker steals your login credentials for use on that site and to test for reuse on other common sites.

2. Cloud-Based File Sharing

Cloud-based file-sharing services like Google Docs, Dropbox and Office365 make business more efficient by providing a fast and easy way to share files and folders across teams. However, the frequency of use and the normality of receiving unexpected documents has made them a prime attack vector for phishers.

A common phishing attack consists of a link to what appears to be a shared file on Google Docs, Dropbox or some other file-sharing site. In reality, the link will point to a page pretending to be that file-sharing site and requesting a login. This can be used to steal a victim’s credentials or infect the victim’s computer with a malicious file.

3. Cryptocurrency ICOs

Blockchain and cryptocurrency have become very popular over the last couple of years. In cryptocurrency, an Initial Coin Offering (ICO) sale is a crowdfunding event where the creators of a new cryptocurrency ask the public to send them cryptocurrency to help fund development. The developers provide their address on a well-known cryptocurrency (like Bitcoin or Ethereum) for the money to be sent to.

Due to how these blockchains work, it’s impossible to prove that an address actually belongs to an individual. Phishers have taken advantage of this fact by sending out fake ICO sale announcements for popular cryptocurrencies, with the announcement pointing to an address controlled by the attacker. Recipients who want to participate in the sale send cryptocurrency to that address, providing the phisher with a means of profiting from the attack.

4. Docusign

Docusign is a service designed to allow people to digitally sign documents, making it easier to sign leases, contracts and similar paperwork. Since Docusign notifications of signature requests come from a Docusign email address, people don’t expect them to come from an email address that they recognize and trust. Phishers take advantage of this by sending emails that come from a domain that looks similar to the Docusign domain or sounds plausible. If you click on the link, it’ll ask you to sign into your email account to see the document, giving the attackers control of your inbox.

5. Fake Invoices

According to Symantec’s 2018 Internet Security Threat Report, fake emails are the primary means by which phishers disguise and distribute malware. By claiming that an attached Office or PDF document is an unpaid invoice and that service will be terminated if it remains unpaid, a phisher increases the probability that the target will open it. This type of spearphishing email can be very effective against both individuals (by pretending to be Amazon, Apple and other such retailers) or businesses (by impersonating one of their vendors or suppliers).

6. General Data Privacy Regulation (GDPR)

The General Data Privacy Regulation (GDPR) is a European Union (EU) privacy law that went into effect May 25th, 2018. This regulation increased the requirements and penalties for the protection of EU citizen data, and many organizations were unprepared for the new regulation. As a result, phishers used the pretext of providing information or services related to preparing for the regulation as a lure for phishing emails in early 2018.

7. Package Delivery

Everyone loves getting presents, but if you get a delivery notification for a package that you don’t remember ordering, it’s probably a fake. This is one of the older phishing scams out there: An attacker will pretend to be FedEx, DHL or another mailing service and provide you a delivery notification with a link or attachment containing the details of your order. When you go to look up what’s arriving in your mailbox, you’ll be infected with malware or tricked into providing the attacker with your credentials.

8. Political Campaigns

In 2016, phishing emails about the United States Presidential election were common. In 2018, it was Russia’s turn. Russia’s Presidential election was held on March 18th, 2018 and in the run-up, emails asking for participation in public opinion polls were common. In some cases, phishers would promise a reward for participating, incentivizing people to provide their credit card or bank information. As a result, the attackers were able to transfer money out of the target’s accounts.

9. Tax Scam

Everyone hates tax season and phishers make it worse by taking advantage of it. In the weeks and months leading up to tax season, it’s not unusual to see a sudden increase in the number of phishing emails claiming to originate from the U.S. IRS, the U.K. HMRC and other government tax authorities.

These emails typically claim that an individual is delinquent on their taxes and provides an alleged means to fix the issue before additional fines or legal action are pursued. But if you follow the instructions in the email, your money goes to the phishers rather than the government.

Conclusion: Protecting Yourself From Phishing Attacks

Phishing is one of the simplest and oldest types of cyberattacks. It’s still around because people continue to fall for it.

Protecting yourself from phishing emails is simple. First, check that the email is from a reputable address and not just a lookalike or something that sounds legitimate. Second, never click on hyperlinks in an email. Always go to the site directly in your browser and find the page using internal links. If you can’t, it’s probably a scam. Finally, don’t trust attachments. Both Office documents and PDFs can contain malware. If you get a document that you didn’t expect, pick up the phone and make sure it’s legit before opening it.

Following these three simple steps can help save you major headaches from phishing emails.



Internet Security Threat Report, Symantec

Spam and Phishing in Q1 2018, Kaspersky Lab

Phishing simulations & training

Phishing simulations & training

Build the knowledge and skills to stay cyber secure at work and home with 2,000+ security awareness resources. Unlock the right subscription plan for you.

5 of the Most Notable Phishing Attacks of 2018 … So Far, Barkly

Howard Poston
Howard Poston

Howard Poston is a copywriter, author, and course developer with experience in cybersecurity and blockchain security, cryptography, and malware analysis. He has an MS in Cyber Operations, a decade of experience in cybersecurity, and over five years of experience as a freelance consultant providing training and content creation for cyber and blockchain security. He is also the creator of over a dozen cybersecurity courses, has authored two books, and has spoken at numerous cybersecurity conferences. He can be reached by email at or via his website at