****UNDER MAINTENANCE****

This page describes email security.

Phishing Emails

We all know what to look for when it comes to phishing emails because it’s been covered repeatedly in basic security trainings.

  • Unfamiliar email addresses
  • Poor grammar and misspellings
  • Messages designed to evoke an emotional rather than logical response
  • Requests to pay now and receive large sums of money later
  • Romance scam/pig slaughtering

But what do phishing emails actually look like in practice? There’s a lot of “flavors” of phishing emails depending on the tactic being used, but here are a few examples.

Nigerian Prince scam (Advance Fee)

Img: [Redacted] This is bad because….

Hey, Pervert! (Sextortion) (Current copies include photo of associated address)

Img: [Redacted] This is bad because….

Refund/Invoice Scam (Check with billing)

Img: [Redacted] This is bad because….

Anything with crypto (May still have screenshots)

Img: [Redacted] This is bad because….

Unauthorized/Suspicious Login attempt (Spotify, Amazon, Google)

Img: [Redacted] This is bad because….

Fake delivery/status checkers (Amazon, USPS, FedEx, DHL)

Img: [Redacted] This is bad because….

Accounts that aren’t associated with a particular email (Bank account that was registered with a different address)

Img: [Redacted] This is bad because….

Impostor (email from macrohard saying they’re from microsoft)

Img: [Redacted] This is bad because….

Most of these are screenshots taken from our alerts! Some of them might actually look pretty well done until you recognize what you’re looking at!

If you do click a link in a suspicious email, don’t fret. But don’t do nothing about it either. As soon as you realize it, let your boss know and call the helpdesk to have a ticket forwarded for investigation. Your credentials will likely be reset and active sessions terminated in an abundance of caution.

But what do these sites look like? We’ll show you a few more examples.

Lookalike sites

  • Sharepoint
  • Microsoft login
  • USPS info request

Notes:

  • Signs of phishing
  • What do signs actually look like
  • Targeted vs bulk(?). General awareness on how info is colleted
  • Breach, social media, site scrape, public sources
  • Federal reporting guidelines. Forward to IT for reporting.

UIDRRO