Sample Phishing Email

Sample Phishing Email
In order to educate the TU campus on how to recognize phishing attempts, the Office of Information
Security has provided samples of actual phishing emails. Items in Red text are suspicious.
Phishing email example 1:
-----------------------------------------------------------------------------------------------------------------------------------------From: <Smith>, John <jsmith@college.edu>
Date: Monday, February 2, 2015 at 7:23 PM
Subject: COMPULSORY FOR ALL STAFF of Towson University ; URGENT MIGRATION TO OUTLOOK WEBMAIL FOR 2015 SESSION!
Dear Staff of Towson University ,
We are welcoming you into the new year of 2015, today been 02.02.2015, we are migrating
all staff email accounts into Staff Outlook 2015 office web mail and as such all active staff are
to verify and log in for the upgrade and migration to take effect now.
NOTE: Failure to verify your email by following the directives above will lead to loss of all your
mails and information from this service and they cannot be recovered.
Please all Staff Click Here to verify and migrate to outlook 2015
Note that, after circulating this notification across all email service and accounts, we will start
deactivating and deleting unverified and inactive email accounts without any further notice
that did not migrate in the next 24 hours.
Failure to verify your email by following the directives above will lead to loss of all your mails
and information from this service and they cannot be recovered.
Regards,
External Email Administrator,
Towson University
Copyright 2015
-----------------------------------------------------------------------------------------------------------------------------------------Did you notice:





It is from a “college.edu” address – why is someone from a non-Towson address
contacting me about my TU email?
Poor spelling/grammar/capitalization – why is the entire email in bold?
It is from “External Administrator” – why isn’t this from The Office of Technology Services,
Office of Information Security or other known Towson University office?
This is an urgent first notice - why is this so urgent, yet I’ve not heard about it prior to this?
The link URL is disguised - why is the address hidden if it is legitimate?
Phishing email example 2:
-----------------------------------------------------------------------------------------------------------------------------------------From: "Smith, John" <jsmith@college.edu>
Date: May 13, 20XX at 10:26:43 AM EDT
To: "Smith, X" <Xsmith@college.edu>
Subject: RE: MAILBOX EMERGENCY SECURITY ALERT !!!
Your account safety is our top priority.
Account Update/certification notice: Dear Outlook Account User,
This message is from Outlook user care messaging center, to all Outlook account owners. We are
currently upgrading our data base servers, and e-mail account center. Recently, we have
detected some unusual activity on your account and as a result, all email users are urged to
update/certify their email account within 24 hours of receiving this e-mail, using the update
link: ITS-SUPPORT to Certify and Confirm that your email access and that your account is up to
date with the institution requirement.
Do not ignore this message to avoid termination of your web-mail account.
Our apologies for any inconvenience this may have caused, but your account safety and privacy is
very important to us.
Thanks for your co-operation.
ITS help desk
ADMIN TEAM
©Copyright 2014 Microsoft, Inc.
All Rights Reserved
-----------------------------------------------------------------------------------------------------------------------------------------Did you notice:





It is from a “college.edu” address – why is someone from a non-Towson address
contacting me about my TU email?
Poor spelling/grammar/capitalization – why is the wording just a bit off?
It is from “ITS Help Desk” – why isn’t this from The Office of Technology Services, Office
of Information Security or other known Towson University office?
Subject is unspecific and unidentified - Why is “RE:” in the subject?
The link URL is disguised - why is the address hidden if it is legitimate?
Phishing email example 3:
From: ѕегνісe@pауρаl.cο.uk [mailto:service@javor.si]
Sent: Wednesday, January 28, 2015 2:11 PM
To: Smith, John
Subject: Υouг PаyΡаl асcount is lіmіted
Dear jsmith@towson.edu,
Due to many unsuссеѕѕful logіn аttempts to your Pауρаl acсоunt, and to protесt you agаіnѕt any
unauthοrized use of your info, we have tempοгагіly limіtеd асcess to youг асcount.
To enѕures that you are the acсоunt holder, we mау аsk you to cоnfirm іnfοгmаtion you specified when you
oρеned youг асcount.
Please Log іn to your pегѕоnal раge in ordег tο геmοve limіtаtіon.
Pleаѕе note that fаіluгe to comрlеtе this step will automаtісаlly removе уοuг асcount from verіfіеd ѕtatus.
Yourѕ ѕіnсегеly,
PаyΡаl
Plеаse do not reρlу to this emаil. This maіlbοχ іs not monitoгеd аnd уou will not receіνе а геѕponse. For
assіѕtаnсe, log іn tо уоuг РayΡal acсοunt and cliсκ the Help lіnk in the top right corner of any PауPаl page.
Cоρyright à 1999-2015 ΡаyPаl. All rights rеѕеrved.
PауPаl (Europe) S.à r.l. et Cie, S.C.A.
Soсіété en Cοmmandіte par Actіοns
Regіѕtеred Office: 5th Floor 22-24 Boulеνаrd Royal L-2449, Luxembourg
RCS Luхеmbourg B 118 349
ΡΡID PP232 - 2b9b1e1381f
Did you notice:





The email is from “Paypal.co.uk” and not “paypal.com” – why isn’t this originating from the
actual company?
The “from” emails addresses do not match – why aren’t the “mailto:” and the display email
addresses the same?
The email opens referencing your email address and not your name – why wouldn’t they
have my name if they have legitimate access to my account?
Poor spelling/grammar/capitalization – why is the wording just a bit off?
The link URL is disguised - why is the address hidden if it is legitimate?
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertising