HacWare's phishing intelligence team has reviewed the worst phishing attacks from October 2021 and put them into 8 categories. Please share this information with your end-users to empower them to do their part to fight against phishing attacks.

Here are the Top 8 Worst Phishing scams from October 2021:

  1. Delivery Alerts - Delivery phishing attacks have been one of the most common types of phishing lures in 2021. These attacks started back in February 2021 with Missed Delivery scams over email and text then progressed to final attempt impersonations and continued in October with fake reschedule delivery alerts.
  2. Bank Activity Alerts (PayPal, Bank of America, Chase) - Scammers are impersonating banks with elaborate alerts about IP conflicts and account closures. They also continued to lure customers with purchase verifications or login verifications. Beware of messages stating “We’re letting you know we have detected multiple IP conflicts on your online account...”
  3. Account Alerts (Invalid Logins,Blocked Account & Reactivations) - Fake account alerts have been a common phishing attack used throughout 2021. In October there was a large volume of phishing attacks impersonating coinbase and targeting various crypto-currency, NFT marketplaces, and other financial institutions. They often mentioned suspicious activity to lure customers into fake account reactivations.
  4. Google Ads Malvertising (Beefy Finance) - Criminals are buying google ads and linking to spoofed websites that are impersonating financial brands like Beefy Finance to steal user data to breach financial security. When using search engines check the linked url to make sure it is going to the correct website.
  5. Billing Cycle Gifts - October and September had a surge of smishing attacks impersonating cell phone carriers like Verizon. Bad actors lured mobile customers with free gift scams for paying bills on time. Beware of text messages stating “{Current Month} bill processed. Thanks! Here is a little gift for you!” These messages are often showing a tiny link.
  6. Covid Passes - Beware of text messages about getting a COVID pass and stating that failure to apply will result in a fine. Cybercriminals are impersonating the National Health Service (NHS) and many other organizations.
  7. Private Email Replies - Business email compromise scams are the most successful types of phishing attacks. In October, scammers would take over a business email account and email the contacts asking them to start communicating with them using their fake personal email account. Beware of messages that stage, “Kindly reply to this message using my personal email address {person@fakeemail.com}”
  8. Invalid cPanel Security Token - Cybercriminals are impersonating website management tools like cPanel and asking administrators to login because their session has expired. The goal for this attack is to take over the website to steal user data or even clone the website for future phishing attacks.

Download the FREE 1-Page Report to disperse to your end users.

Learn More about our Developer API?

To learn more about the HacWare Security Awareness Developer platform, Go to the HacWare for Developers page. Click here to get started!  


HacWare makes it stupid easy for software developers and IT Service Providers to launch cybersecurity education solutions to combat phishing attacks.

Learn more about HacWare at hacware.com. If you are a Managed Security Service provider (MSSP) or IT professional, we would love to automate your security education services, click here to learn more about our partner program.