Phishing example email

What is phishing?

Phishing is the process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity using bulk email which tries to evade spam filters.

Emails claiming to be from popular social web sites, banks, auction sites, or IT administrators are commonly used to lure the unsuspecting public. It’s a form of criminally fraudulent social engineering.

From KnowBe4.com

What are some common signs of phishing?

Effective phishing messages can look like the real thing! Below is an example message sent to Staff in August 2019:

From Name / Address

IT <IT@brrice.edu> - the sender appears to be from @brrice.edu, but the address is not a recognizable one. Messages from the Technology Department are only sent from an actual person (e.g. Chris McCoy).

Subject

Change of Password Required Immediately - phishing messages frequently inspire a sense of urgency so you are moved to action.

Body

In order to prevent further damage… - phishing emails warn of a negative consequence of not following the link.

Link

Change Password - Hovering over the link would show a random URL that is not related to BRHS (brrice.edu) or any recognizable service we use (Gmail, OneDrive, Naviance, Salesforce, etc.).

Grammar / Punctuation

Although not highlighted in this message, phishing messages are often computer generated and may use poor punctuation or poor English grammar.
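
The warning signs listed above can also be checked mechanically. The following Python sketch is an added example, not part of the original page or of any BRHS tooling; the allowlisted service domains, role mailbox names, keyword patterns and the sample message (including its placeholder link) are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allowlist: the school domain plus domains of the services named above.
TRUSTED = {"brrice.edu", "google.com", "live.com", "naviance.com", "salesforce.com"}
ROLE_NAMES = {"it", "admin", "helpdesk", "support"}  # hypothetical role mailboxes
URGENCY = re.compile(r"\b(immediately|urgent|required|suspended)\b", re.I)
THREAT = re.compile(r"prevent further damage|will be (closed|disabled|locked)", re.I)

def link_hosts(html):
    """Return the host of every <a href>: what hovering reveals, not the link text."""
    hosts = []
    class Collector(HTMLParser):
        def handle_starttag(self, tag, attrs):
            if tag == "a":
                hosts.extend(urlsplit(v).hostname or "" for k, v in attrs if k == "href" and v)
    Collector().feed(html)
    return hosts

def is_trusted(host):
    # Exact match or a true subdomain; "brrice.edu.evil.test" must not pass.
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def warning_signs(raw):
    msg = message_from_string(raw)
    body, signs = msg.get_payload(), []
    local_part = parseaddr(msg["From"] or "")[1].split("@")[0].lower()
    if local_part in ROLE_NAMES:
        signs.append("sender: role mailbox, not a named person")
    if URGENCY.search(msg["Subject"] or ""):
        signs.append("subject: sense of urgency")
    if THREAT.search(body):
        signs.append("body: negative consequence")
    signs += ["link: " + h for h in link_hosts(body) if not is_trusted(h)]
    return signs

# Constructed sample modelled on the message described above; the link is a placeholder.
SAMPLE = """From: IT <IT@brrice.edu>
Subject: Change of Password Required Immediately

<p>In order to prevent further damage...</p>
<a href="http://reset.example.invalid/login">Change Password</a>
"""

if __name__ == "__main__":
    print("\n".join(warning_signs(SAMPLE)))
```

A message that trips none of these checks can still be malicious, so the list is a prompt for closer inspection rather than a verdict.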

 

How would using Gmail help?

Not every malicious message will be flagged or blocked, so it is always important to know the warning signs. The same example message from above, if not sent as a test, would be displayed in Gmail like this:

If you did click on the link, an additional warning would have been displayed:

Lastly, if the message contained an attachment, it would have been blocked: