Phishing Examples

Here are some real life examples to the phishing emails , and how to spot them!
There are three levels of difficulty here and how they relate to the phishing checklist provided in the Recognizing phishing .

Example 1 (Easy):

Open

Phishing Awareness Checklist

☐ Was I expecting this email? - I haven't gotten any communication from IT , and all my log ins are working , so no

☒ Is it creating urgency or pressure? - Yes, ill be locked out if i don't do this

☒ Does the sender’s email address look correct? - No , its from a random Hotmail address

☒ Does the link look suspicious? - Yes, if you hover over the button you see a random amazon link show up in the bottom . This is where clicking the button will take me . This is not a Valpo Webpage.

☒ Is it asking for sensitive information? - No , but if you click the link it will ask.

☐ Did I receive an MFA/login approval I didn’t initiate? - No

☒ Does something feel “slightly off”? - Yes , there is no Valpo branding on the page , and doesn't specify me by name or email.

This is email is easy to spot due to a random email address, no Valpo branding , a random link that leads to a non Valpo site, and doesn't seem tailored to me in anyway.

Example 2 (Medium):

Open

Phishing Awareness Checklist

☐ Was I expecting this email? - Nope , it would be sweet to get random 250$ gifts though.

☐ Is it creating urgency or pressure? - Directly no , but the pressure comes from the anticipation to add it to your account and start spending it.

☒ Does the sender’s email address look correct? - Nope, coming from a random rewards.com email

☒ Does the link look suspicious? - Yes, if you hover over the button you see a random secure login link show up in the bottom.

☒ Is it asking for sensitive information? - No , but if I click that link it wants my login.

☐ Did I receive an MFA/login approval I didn’t initiate? - No

☐ Does something feel “slightly off”? - Not really , even has my email in there to know it was made for me.

This one is harder due to it being addresses to my email , so it seems personal .But attackers can just code in their emails to fill it with your email to make it seem personal . The gift was out of nowhere and it doesn't specify who it came from . Also the link leads to a non amazon website but wants my amazon info to “attach” it to my account. I do love money , but I also love someone not reading through all my emails and using it to send all my colleagues mass spam.

Example 3 (Hard):

Open

Phishing Awareness Checklist

☐ Was I expecting this email? - No, but maybe something a manager would have told you was coming . Or you seen in a newsletter from the university.

☐Is it creating urgency or pressure? - No

☐ Does the sender’s email address look correct? - Yes, seems to be coming from the HR email , even has branding.

☒ Does the link look suspicious? - Yes, leads to almost a Valpo website but it has a bunch of extra that I don't recognize. Attackers can own sites that look very similar.

☒ Is it asking for sensitive information? - No , but if you click on the link it tries to download a software to my PC to help me.

☐ Did I receive an MFA/login approval I didn’t initiate? - No

☒ Does something feel “slightly off”? - If you click on the link and it tries to download something or immediately wants you to log in , something is off.

This one is much harder to spot since it doesn't create urgency , or seem malicious . But all it takes is for one or two people to fill out the info for a malicious actor to steal your account and then use it to send a bunch of emails from pretending to be you. If you notice though , the link is wrong but most importantly , it doesn't specify me by name or even what hiring manager I would be meeting with . This email seems very generic to target a large crowd.

Related articles