Cybercriminals are increasingly using sophisticated tactics to target unsuspecting users through phishing emails and fake news stories, security experts warn. Recent examples highlight how hackers exploit urgency, impersonation, and malicious attachments to trick victims into revealing sensitive information or downloading harmful software.

A phishing attempt can come in the form of an email with the subject line “Quick favor needed.” According to cybersecurity analysts, such subject lines are designed to create urgency and prompt quick responses.

The sender’s name was unfamiliar, and closer inspection of the email address revealed an impersonation attempt. The address used the name of a well-known food delivery service, Deliveroo, but with a deliberate spelling error to appear legitimate.

The email included what was described as a “screenshot” attachment. However, the file was not an image but an HTML document disguised as one. Code inside the file redirected to a counterfeit Deliveroo website featuring a message that appeared to be loading content, along with a button instructing users to “Click here if your page does not load automatically.”

Experts note that clicking such links often leads to malicious websites capable of installing malware. The email displayed nearly all the hallmarks of a phishing attack: urgency, impersonation, and a misleading attachment.

Another case emerged through Google Discover, where a story about daylight savings time surfaced in the feed. Upon clicking, users were greeted with a pop-up warning that their device was infected with “two harmful viruses.”

The fraudulent message further claimed that the infections originated from “recent adult sites” and warned that a phone’s SIM card, contacts, and data could be damaged unless a recommended app was installed. Instead of directing users to the Google Play Store, the link led to a third-party website prompting the download of an APK file.

Such apps often request unnecessary permissions, potentially granting cybercriminals access to personal data or enabling them to install dangerous malware under the guise of system updates.

Security specialists emphasize the importance of staying calm and skeptical when encountering suspicious messages. Hackers often attempt to provoke emotional responses to drive quick, careless actions. Warning signs include:

To minimize risks, experts recommend using password managers to generate and store unique credentials, installing reputable antivirus software, and regularly updating knowledge on emerging cyber threats.

Cybercriminals frequently recycle tactics across different platforms, making awareness and vigilance the strongest defenses.