HacWare's phishing intelligence team has reviewed the worst phishing attacks from September 2021 and put them into 8 categories. Please share this information with your end-users to empower them to do their part to fight against phishing attacks.

Phishing Report from September 2021

Here are the Top 8 Worst Phishing scams from September 2021:

  1. COVID-19 Vaccination Forms & Passports - Bad actors exploited the concern about showing proof of vaccination and sent scams allowing users to gain access to a digital card. There are phishing emails exploiting the travel industry’s concern for travel safety in the midst of a pandemic. The phishing emails are luring travelers to apply for a digital passport on spoofed websites.
  2. Domain Verification - Cyber Criminals continue to use account verification phishing lures for the 9th month in a row. Cyber criminals are targeting domain registration users with scams impersonating WhoIs and asking for verification information. Beware of emails stating that ICANN is mandating domain verifications to keep web domains active.
  3. Maintenance Interruptions & Session Errors - Beware of text message based scams impersonating utility companies and notifying the users of a fake service outage. Cyber Criminals have been capitalizing on the natural disasters that happened and luring users into clicking on malicious links. Phishing messages about system maintenance and session errors telling users to login to keep their account active were a common trend this month. Always verify the sender and verify requested actions with another contact.
  4. Incomplete KYC Surveys Accounts Blocked - Bad Actors are sending SMS-based phishing attacks also known as smishing messages to banking customers telling them their account will be deleted because they did not complete the KYC survey.
  5. UnOpened Emails - Threat actors are luring users to provide email information by impersonating popular banks and other brands stating they noticed that emails have not been opened.
  6. NFT Bug - Beware of emails stating that the NFT marketplace OpenSea has a bug and need you to provide access information to resolve the issue.
  7. File Sharing - Bad actors are sending malicious files and tricking users to click on malicious links because they are impersonating Google Drive and Dropbox.
  8. Economic Impact & Pandemic Relief - Watch out for emails impersonating the IRS about economic impact payments. Cyber criminals are also impersonating Non-Profit Foundations like the Walmart Foundation and stating that they are providing pandemic relief payments.

Download the FREE 1-Page Report to disperse to your end users.

Learn More about our Developer API?

To learn more about the HacWare Security Awareness Developer platform, Go to the HacWare for Developers page. Click here to get started!  


HacWare makes it stupid easy for software developers and IT Service Providers to launch cybersecurity education solutions to combat phishing attacks.

Learn more about HacWare at hacware.com. If you are a Managed Security Service provider (MSSP) or IT professional, we would love to automate your security education services, click here to learn more about our partner program.