There are countless ways attackers can craft emails to try to convince you to open files or click links and divulge information. The following are examples of phishing emails similar to real phishing attacks we’ve seen. We have added notes in red to help you identify each email as a scam.
Phishing example #1
From: Jim Smith <Jim@comp-help.de>1
Sent: Monday, April 25, 2016 4:13 PM
Subject: ITS Help Desk 2
we are in process of upgrading your mailboxes Server Exchange 2015 to 2016. 3 The user experience for Outlook Web App 2015 has changed. Please Click on Outlook Web Access/OWA/2016 4 We apology 5 for any inconvenience
IT Help Desk
Notes for Phishing example #1
Phishing example #2
From: Haus, Sondra
Sent: Friday, April 15, 2016 10:11 AM
Subject: Notice of compensation (salary) increase 2
You are qualified for pay increase on your next paycheck, follow steps below to immediately confirm your details. 3 Allow few hours for your congratulatory letter to be delivered to your email after confirming your details below.
Click here to confirm your details: 4
we thank you for your ongoing commitment to excellence here. and congratulate you on your outstanding performance! 6 please note and be advised that matter relating to salary are confidential in nature and should not be divulged to other employees.
Notes for Phishing example #2
Phishing example #3
From: Jonathan Doe
Sent: Friday, April 28, 2016 11:22 AM
Subject: SLCC Parking Satisfaction Survey (Win a $50 gas card) 2
To SLCC faculty and staff:
Over the past year SLCC has been making strides to improve parking on campus. We would love to get feedback from the members of our community. Below is a link to a short 5-minute survey where you can tell us how we’re doing and suggest future changes.
As a way of thanking you for your time, we will randomly select fifteen people from those who filled out our short survey to receive a free $50 prepaid gas card.
Thank you for your feedback,
Salt Lake Community College
Notes for Phishing example #3
This type of attack is much harder to recognize because the attacker carefully crafted the email to appear like it came from our institution. When in doubt forward the email to email@example.com so we can investigate the email for you.
Phishing example #4
From: John Doyle [mailto:firstname.lastname@example.org] 1
Sent: Tuesday, April 26, 2016 9:07 AM
Subject: Salt Lake Community College - eBill INV0001173364
Attachment: 0008878_Salt_Lake_Community_College.doc 2
Dear Jay, 3
I am contacting you in regard to invoice # 0001173364. 4 The invoice is now past due since April 25th with a negative balance of USD 1,587. We kindly request that you remit payment as soon as you can.
We'll mail you a copy of this invoice to:
Salt Lake Community College
Salt Lake City, UT
We hope for your timely deposit. Please email us if we can be of any assistance.
Balboa Thrift and Loan Association
Notes for Phishing example #4
Phishing example #5
From: E-mail Administrator <email@example.com> 1
Sent: Thursday, April 28, 2016 3:34 PM
Subject: Do not loose your E-mail 2
Attn: Email User,
Please take a few moment 3 to re-confirm your account by following the link below as to verify your account 4 and update to our new upgraded server.
(If above link is not working, move email to inbox) 6
*Please note that changes to your account profile will not take effect until after upgrade is completed.
E-mail System Administrator 7
*This email is should be attended to with urgency to avoid account suspension* 8
Notes for Phishing example #5
Phishing example #6
From: Jane Doe [Jane.Doe@slcc.edu] 1
Sent: Saturday, May 14, 2016 7:42 AM
Subject: slcc Outlook
Your slcc Outlook Exceeded it storage limit CLICK=HERE 2 fill and click SUBMIT for more space or you wont be able to send Mail. 3
Notes for phishing example #6
If your outlook does exceed its storage limit, you will get a notice asking you to reduce the size of your mailbox. OIT will not ask you for your password. If you're unsure about an email, forward it to firstname.lastname@example.org and we will investigate it and let you know if it's legitimate or phishing.