Example Phishing Attacks


 

There are countless ways attackers can craft emails to try to convince you to open files or click links and divulge information.  The following are examples of phishing emails similar to real phishing attacks we’ve seen.  We have added notes in red to help you identify each email as a scam.

 

Phishing example #1 

From: Jim Smith <Jim@comp-help.de> 1
Sent: Monday, April 25, 2016 4:13 PM

Subject: ITS Help Desk 2 

To All

 

we are in process of upgrading your mailboxes Server Exchange 2015 to 2016.  3 The user experience for Outlook Web App 2015 has changed. Please Click on Outlook Web Access/OWA/2016 4 
 We apology 5 for any inconvenience


 

IT Help Desk

 

Notes for Phishing example #1

  1. Unknown from address (Be aware that the from address can be spoofed)
  2. Misspelling (using ITS instead of IT)
  3. Awkwardly phrased sentence
  4. If you hover over the link, you can see the link is not related to your company (DO NOT CLICK IT!)
  5. Grammar error

 

 

 

Phishing example #2

From: Haus, Sondra [Haus@centracare.com] 1
Sent: Friday, April 15, 2016 10:11 AM

Subject: Notice of compensation (salary) increase 2

Hello,

You are qualified for pay increase on your next paycheck, follow steps below to immediately confirm your details. 3 Allow few hours for your congratulatory letter to be delivered to your email after confirming your details below.

Click here to confirm your details: 4

                        http://employee-compensation 5

 

we thank you for your ongoing commitment to excellence here. and congratulate you on your outstanding performance! 6 please note and be advised that matter relating to salary are confidential in nature and should not be divulged to other employees.

  

Sincerely,

Human Resources

 

Notes for Phishing example #2 

  1. HR email from an address outside the company (Be aware, from addresses can be spoofed)
  2. Be cautious of any email mentioning salary, this is a very common phishing trick
  3. Grammar issues
  4. Why would HR need your information, don’t they already have it?
  5. Hover over the link to see where it’s really taking you!  DO NOT CLICK!
  6. Grammar issues

 

 

Phishing example #3

From: Jonathan Doe [Jon.Doe@slcc.edu] 1
Sent: Friday, April 28, 2016 11:22 AM

Subject: SLCC Parking Satisfaction Survey (Win a $50 gas card) 2

To SLCC faculty and staff:

Over the past year SLCC has been making strides to improve parking on campus.  We would love to get feedback from the members of our community.  Below is a link to a short 5-minute survey where you can tell us how we’re doing and suggest future changes. 

As a way of thanking you for your time, we will randomly select fifteen people from those who filled out our short survey to receive a free $50 prepaid gas card.

Survey Link 3

 

Thank you for your feedback,

Parking Department
Salt Lake Community College

 

Notes for Phishing example #3

  1. Although the email seems to be coming from a legitimate slcc.edu address, keep in mind that email addresses can be spoofed!
  2. Attackers often use promises of rewards to entice users to click on their links.
  3. Hover over the address to see the true link.  NEVER click on a URL that has an IP address (4 sets of numbers) instead of a domain name.

This type of attack is much harder to recognize because the attacker carefully crafted the email to appear as if it came from our institution.  When in doubt, forward the email to infosec@slcc.edu so we can investigate it for you.

 

 

Phishing example #4   

From: John Doyle [mailto:mosingalla@t-online.de] 1

Sent: Tuesday, April 26, 2016 9:07 AM

Subject: Salt Lake Community College - eBill INV0001173364
Attachment: 0008878_Salt_Lake_Community_College.doc 2

Dear Jay, 3

 

I am contacting you in regard to invoice # 0001173364. 4 The invoice is now past due since April 25th with a negative balance of USD 1,587. We kindly request that you remit payment as soon as you can.

We'll mail you a copy of this invoice to:

 

Salt Lake Community College

Salt Lake City, UT

 

We hope for your timely deposit. Please email us if we can be of any assistance.

 

Kind Regards,

John Doyle
Balboa Thrift and Loan Association 

 

Notes for Phishing example #4

  1. Unknown email address, although emails can be spoofed!
  2. Unsolicited attachment.  DO NOT open attachments if you’re not expecting them.  This attachment may install malware on your computer. 
  3. Attackers may customize their email for you.  Just because the sender knows your name and work position doesn’t mean they’re legitimate.
  4. Validate the invoice number against your records.  If you have no records of this invoice number, it’s probably a phishing attack 

 

 

Phishing example #5

From: E-mail Administrator <admin@upgrade.com> 1
Sent: Thursday, April 28, 2016 3:34 PM

Subject: Do not loose your E-mail 2 

Attn: Email User,



 

We have upgraded our database as our yearly security update & privacy 
policy specification.

 

Please take a few moment 3 to re-confirm your account by following the link 
below as to verify your account 4 and update to our new upgraded server.



 

VERIFY AND UPGRADE NOW 5

(If above link is not working, move email to inbox) 6


 

*Please note that changes to your account profile will not take effect until after
upgrade is completed. 



 

Regards 


E-mail System Administrator 7

*This email is should be attended to with urgency to avoid account suspension* 8

 

Notes for Phishing example #5 

  1. Unknown Email address not from the organization (but remember From addresses can be spoofed)
  2. Spelling error.  Also using a sense of urgency
  3. Grammar error
  4. Unless you’re in the process of setting up a new account, be very cautious of any email asking you to verify your account.  This is almost always a scam.
  5. Hover over the link to see it’s taking you to an unknown URL – DO NOT CLICK!
  6. Legitimate senders don’t worry about their emails going to spam folders
  7. No clear sender.
  8. Threatening suspension to give a sense of urgency.

 

 

Phishing example #6 

From: Jane Doe [Jane.Doe@slcc.edu] 1

Sent: Saturday, May 14, 2016 7:42 AM

Subject: slcc Outlook

 
Your slcc Outlook Exceeded it storage limit CLICK=HERE 2 fill and click SUBMIT for more space or you wont be able to send Mail. 3

 

Notes for phishing example #6

  1. Although the message appears to be coming from someone at slcc.edu, remember addresses can be spoofed, and accounts can be hacked.
  2. Hover over the link to see where it's really taking you.  Although Google isn't a malicious site, a malicious user on Google can set up a form to collect usernames and passwords.
  3. Threat to cut off email.

If your Outlook does exceed its storage limit, you will get a notice asking you to reduce the size of your mailbox.  OIT will not ask you for your password.  If you're unsure about an email, forward it to infosec@slcc.edu and we will investigate it and let you know if it's legitimate or phishing.
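
The "hover over the link" and "unknown from address" checks in the notes above can also be run automatically by a mail filter or triage script. The following is an added example, not part of the original page: it assumes slcc.edu is the organization's domain, and the sample message, the 203.0.113.7 address and all function names are constructed for illustration.

```python
import ipaddress
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

ORG_DOMAIN = "slcc.edu"  # assumption: the organization's own domain

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs, i.e. what hovering would reveal."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def in_org(host):
    return host == ORG_DOMAIN or host.endswith("." + ORG_DOMAIN)

def is_ip(host):
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return False
    return True

def review(from_header, html_body):
    """Return warnings for an external sender and for off-site or IP links."""
    sender = parseaddr(from_header)[1].rpartition("@")[2].lower()
    warnings = [] if in_org(sender) else [f"external sender: {sender}"]
    parser = LinkCollector()
    parser.feed(html_body)
    for href, text in parser.links:
        host = (urlsplit(href).hostname or "").lower()
        if is_ip(host):
            warnings.append(f"IP-address link behind '{text}': {host}")
        elif host and not in_org(host):
            warnings.append(f"off-site link behind '{text}': {host}")
    return warnings

# Constructed sample modelled on example #3: trusted-looking sender, IP link.
SAMPLE_FROM = "Jonathan Doe <Jon.Doe@slcc.edu>"
SAMPLE_BODY = '<p>Tell us: <a href="http://203.0.113.7/survey">Survey Link</a></p>'
```

An empty result from `review` does not make a message legitimate: the From header can be spoofed and an internal account can be compromised, so the sender check only catches the obvious cases.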