From Hilo to Hanalei, scammers don’t care where you live — they just want your information. In today’s digital world, phishing scams have become one of the most common online threats, and they come in many forms. Knowing how to recognize these attacks can help protect your household, your business, and your community.
Whether you’re a student, a caregiver, or one of our cherished kūpuna, here are 19 common phishing scams to look out for in Hawaiʻi and beyond. Share this list with your friends and family — awareness is our best defense.
Some scams use fake Wi-Fi networks at airports or coffee shops. Others impersonate Hawaiian Electric or a local credit union to gain your trust. A few even use Hawaiian words or names to appear more familiar and credible.
Phishing scams take advantage of our island values — our sense of trust, community, and aloha. But by learning the signs and types, we can protect ourselves and our loved ones from getting caught in the net.
A targeted attack aimed at a specific person, often within an organization. Scammers research their victims first, learning names, titles, and contact details.
Example: An employee receives an email about signing a “new handbook.” The link leads to a fake login page designed to steal credentials.
Uses phone calls or voicemails to trick victims into sharing information.
Example: Attackers pretend to be a family member or bank representative asking to “verify your account.”
The most common form. The scammer sends an email that looks legitimate and asks you to click a link or reply with personal details.
Example: Hackers used fake LinkedIn messages to target Sony employees and stole over 100 terabytes of data.
Scammers send “secure-looking” links (with HTTPS) that lead to fake sites.
Example: A hacker group sends a nearly empty email with a link that opens a fake login page, stealing company credentials.
Malicious software redirects you to a fake version of a trusted site.
Example: A worldwide attack redirected users to false banking websites to steal financial data.
Fake pop-up warnings claim your device has an issue, prompting you to call support or download “security software.”
Example: A fake AppleCare renewal pop-up installs malware when clicked.
Hackers create fake Wi-Fi hotspots that look real. Once you connect, they capture your data.
Example: Attackers used false airport networks to collect travelers’ login details.
Hackers infect websites frequently visited by a target group to spread malware.
Example: The U.S. Council on Foreign Relations’ website was once compromised in such an attack.
Targets executives or business owners with personalized scams.
Example: A hedge fund founder lost $800,000 after clicking a fake Zoom meeting link.
A hacker copies a legitimate email you’ve already received and resends it with a malicious link.
Example: An attacker replicated a previous business email and swapped in a fake “update” link.
Scammers impersonate well-known companies, warning users of “account issues.”
Example: Fake Apple emails claimed accounts were blocked and asked users to “validate” their credentials.
Uses manipulation and fear to pressure victims into revealing personal details.
Example: Someone posing as a bank employee urges you to confirm your card information to prevent it from being “locked.”
Happens on social media when fake profiles engage customers and request private details.
Example: Hackers pretended to be Domino’s Pizza on Twitter, offering “refunds” that required account info.
Text messages that contain fake links or urgent requests.
Example: Victims received messages pretending to be from American Express, directing them to a fake login page.
Hackers intercept communication between two parties to steal data.
Example: Unsecured Wi-Fi connections allowed attackers to steal users’ credit information on a financial app.
Fake websites mimic real ones to capture login details.
Example: A fraudulent Amazon site looked identical to the real one but had a slightly different URL.
Hackers imitate legitimate web domains or emails.
Example: A fake LinkedIn domain collected user credentials and sold them online.
Malicious code is hidden in images that install malware when clicked.
Example: Attackers embedded code inside online ad images that infected devices instantly.
Fake ads or websites appear in search results to trick users into sharing payment info.
Example: Scammers created fraudulent “Booking.com” ads that stole login details from unsuspecting travelers.
(Source: Fortinet Cyber Glossary)
Phishing can happen to anyone — but knowledge is power. Here’s how to protect yourself and your loved ones:
https://www.fortinet.com/resources/cyberglossary/types-of-phishing-attacks#
Phishing scams may be getting smarter, but Hawaiʻi’s people are smarter — and stronger — when we look out for each other. By learning the signs, sharing resources, and staying informed, we can protect our community and keep our digital ʻohana safe.
Coming Up: Protect Yourself and Your Loved Ones from Getting Phished.
