Phishing is getting nastier – Here are 3 examples

Share this page

At Proton Mail, your security is our number one priority. Normally, this means protecting your inbox from unauthorized outside access. However, rather than trying to hack your software, phishing emails try to hack you. By spoofing emails from trusted sources, scammers are hoping to fool you into letting your guard down just long enough to get sensitive information from you.

We’ve noticed some particularly devious attacks lately and we wanted to warn the Proton community. You can see three of them below. Would they have fooled you?

How does phishing work?

Phishing scams are designed to trick you into revealing sensitive information by posing as a trusted source, such as your bank or an online retailer. Scammers often send what appears to be an urgent email stating that your account has been locked or that you need to verify a high-value transaction. They’ll typically ask you to respond immediately by clicking on a malicious link or confirming sensitive information, like your login credentials or credit card number. 

You may then be redirected to the actual service website or receive a message thanking you for taking action. Unfortunately, the scammer now has access to your device or whatever information you shared.

Learn more about phishing attacks

First potential phishing attack

Imagine you open your inbox and you see the following three emails. Are they legitimate or phishing attacks?

If you said this is a phishing attack, you’re correct. It’s a new devious type of phishing attack that uses a legitimate domain (in this case, from PayPal) to send fake invoices. By abusing legitimate email domains, these phishing attacks are more likely to be viewed as legitimate by email services and the people being targeted.  

In February of 2023 alone, we detected over 15,000 phishing emails sent using these techniques.

The attackers hope you’ll call the phone number listed in the email to contest or cancel the charge. This number does not belong to PayPal. Instead of calling PayPal’s customer support, you’re actually calling the attacker pretending to be customer support. 

Typically, they’ll then inform you that you’ve been hacked and ask you to download a remote administration tool to your computer so they can fix the problem for you. If you fall for the ruse and download the program they send, you’ll actually give the attacker direct access to your device, allowing them to launch even more attacks.

Second potential phishing attack

If you said this was a phishing attack, you’re correct. Attackers often attempt to impersonate Proton Mail knowing that people trust us to protect their personal information. The first clue is the From field. While this email claims to be from Mail Support, but if you look at the email that follows, it doesn’t use a recognized Proton Mail domain (this one uses an domain). It also doesn’t have our Official badge (which is how we verify legitimate Proton Mail emails).

This is also a classic phishing attack in that it tries to instill a sense of urgency in you by saying you must confirm your account or it will be permanently terminated. 

Third potential phishing attack

If you said this was a phishing attack, you’re correct. This example contains plenty of red flags, such as the email address in the From field (it seems unlikely McAfee would use an domain) and the clearly incorrect McAfee logo at the bottom. 

This is a less sophisticated version of the PayPal attack, hoping to fool you into calling the given phone number so someone can convince you to hand over your account details,  

Use Proton Mail to find and block phishing emails

Maintaining this level of caution can be exhausting, especially when you have to deal with dozens of legitimate emails every day. Proton Mail makes this job easier. We block over 130,000 phishing attacks every day, we’re constantly on the lookout for new and creative strategies attackers use to avoid detection, we give you the tools to make educated decisions when faced with suspicious emails. 

Block scammers with PhishGuard

Proton Mail’s PhishGuard stops most phishing attempts before they ever reach your inbox. PhishGuard authenticates emails using DMARC, DKIM, and SPF checks. If an email fails authentication, Proton Mail will block it or notify you so you know which emails to examine more closely (as seen in example two).

Identify suspicious links with link confirmation

Attackers can hide malicious links in emails that may redirect you to another URL. Proton Mail’s link confirmation displays the actual URL you are being redirected to, allowing you to detect suspicious links hidden behind innocuous-looking text.

Use aliases to protect yourself against data breaches and phishing attempts

With email aliases, you can associate an alias with a specific service, allowing you to segment your contacts and detect imposters. 

For example, imagine you sign up for a website using an alias ( and then that website sends an email to your real email address ( In this case, you can assume it’s likely not a legitimate email, as the actual website didn’t have access to your real email address when you signed up.

Avoid malicious websites with NetShield Ad-blocker

Iif you have a paid plan for Proton VPN, you can turn on NetShield Ad-blocker(new window), which will prevent you from accessing sites that are known to be dangerous. 

Protect your account with physical security keys

Even if you fall victim to a phishing attack, you can protect your accounts by adding extra layers of security to your online accounts. With two-factor authentication (2FA), especially 2FA using hardware security keys like Yubikeys, you can physically verify that you are the account owner. This means that even if an attacker steals your login credentials, they cannot gain control of the account without the physical key associated with it.

Prevent attackers from accessing your Proton Account

Even if you accidentally compromise your Proton Account by falling for a phishing attack, you can still keep your data safe. Proton has automated account security protection that suspends accounts before attackers can get in. We also send login alerts for each login attempt. 

If you see a login alert that you didn’t trigger, you can always log out of all unauthorized sessions and change your password.

As phishing attacks become more sophisticated, it’s important to protect your data, and that starts with choosing a secure email. Start using Proton Mail today to keep your personal information safe. 

Protect your privacy with Proton
Create a free account

Share this page

Richie Koch

Prior to joining Proton, Richie spent several years working on tech solutions in the developing world. He joined the Proton team to advance the rights of online privacy and freedom.

Related articles

In the public eye, Google presents itself as a champion of privacy. “Privacy is at the heart of everything we do,” its CEO said. But behind closed doors, Google is telling a different story to policymakers and actively fighting against privacy laws
The last thing you want when showing funny videos or holiday photos on your phone or tablet to friends and family is for them to see your sensitive and private photos. Although there are third-party apps dedicated to hiding your personal photos and
It can be slightly difficult to encrypt a zip file using the tools available on your Windows or Mac. Unlike encrypting a PDF or an Excel file, there’s no standardized software to use. You’ll need to rely on your device’s built-in encryption methods.
Last week, the Spanish Presidency of the European Council delayed a vote regarding the Council’s position on the controversial Child Sexual Abuse Regulation (CSAR) due to a lack of consensus over the issue of encryption, among others. This proposed r
At Proton, we’re always working on new and innovative ways to protect the privacy and data of the Proton community. Sometimes that means developing entirely new services, like our Proton Sentinel program, which combines AI and human security analysts
How to unsend an email in Gmail, Outlook, Proton Mail, and Apple Mail
“Undo Send” gives you a chance to stop an erroneous message you’ve just sent. We’ve all done it. You hit Send on an email only to spot you’ve misspelled someone’s name, forgotten an attachment, or accidentally sent a cringing joke to half your conta