Dangerous Email - Identifying a Phishing Attack

Phishing is the attempt to get sensitive information (like usernames, passwords, and financial information) by masquerading as a trustworthy source in an email. Phishing emails range from crude attempts to get money directly to more sophisticated attacks that include data about an organization you belong to. However, once they are scrutinized, they are easily identifiable to the trained eye.

Here are some tips, and examples, on how to identify a phishing attack.


The first thing to remember is that CWU will NOT ask you for confidential information in a “BCC” email, and will not direct you to a link off our secure network.

  • The “To:” field
    • The “To:” field in many phishing emails is left blank.  This is because a phisher uses a compromised account to send the email and, instead of visibly addressing it to 50 users from different organizations, puts the recipients in the BCC field.  That prevents you from notifying the other potential victims, and avoids tipping their hand that the recipients are not a homogeneous group.
  • The “From:” field
    • In an IT scam, it will come from someone NOT in your IT org, and likely not at the university at all!
    • In a money phishing scheme, the displayed name and the email address will often not match at all:
      • FBI (Director) James Comey Jr. <simonlin@chinaconstruction.com.sg>
  • Links
    • Look for links that use “Click Here” or other generic terms to hide the link path.
    • Links that lead to a site other than the organization they are pretending to be.  Often these are generic sub-sites, or foreign sites ending in a two-letter country suffix like “.ru”, “.hu”, or “.ch”.
  • Spelling and Grammar
    • Most Phishing attempts are initiated in countries where English is not a primary language.  As such, emails are fraught with grammatical and spelling errors.  See the examples below.
  • Generic IT terms
    • Phishing attempts use terms like “Web-Mail” or “Help Desk” so they don’t need to specialize to individual organizations.  While some more sophisticated attacks will include certain levels of detail, they are always clear upon scrutiny.
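
The checks in the list above can be applied mechanically to a message's headers and HTML body. The following Python script is an added example, not part of the original article or a CWU tool; `ORG_DOMAIN` (`example.edu`), the two term lists and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

ORG_DOMAIN = "example.edu"  # assumption: placeholder for your organization's domain
GENERIC_LINK_TEXT = {"click here", "here"}
GENERIC_IT_TERMS = ("web-mail", "help desk")
# Constructed sample, not a real message; ".xx" stands in for a country suffix.
SAMPLE = """\
From: Admin Help Desk <it-support@school.example>
Subject: Admin Help Desk
Content-Type: text/html

<p>Please <a href="http://forms.example.xx/validate">CLICK HERE</a> and fill the form.</p>
"""

class LinkCollector(HTMLParser):  # gathers [href, visible text] for each <a>
    def __init__(self):
        super().__init__()
        self.links, self.in_link = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.in_link = True
    def handle_data(self, data):
        if self.in_link:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        if tag == "a":
            self.in_link = False

def in_org(host):
    return host == ORG_DOMAIN or host.endswith("." + ORG_DOMAIN)

def phishing_indicators(raw):
    msg = message_from_string(raw)
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    checks = [(not (msg.get("To") or "").strip(), "blank To: field"),
              (not in_org(sender_host), "sender outside the organization")]
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, label in collector.links:
        host = urlsplit(href).hostname or ""
        checks += [(label.strip().lower() in GENERIC_LINK_TEXT, "generic link text"),
                   (not in_org(host), "link leaves the organization's site"),
                   (len(host.rpartition(".")[2]) == 2, "two-letter country suffix")]
    checks.append((any(t in raw.lower() for t in GENERIC_IT_TERMS), "generic IT wording"))
    return [name for hit, name in checks if hit]
```

Calling `phishing_indicators(SAMPLE)` returns all six indicators for the constructed message. A hit is a reason to look closer and contact the Service Desk, not a verdict on its own.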


If you receive an email and you are not certain whether it is legitimate, please contact the Service Desk at (509) 963-2001 before clicking anything in the email.

<Example 1>

From: Rinehart, Barbara - Sparr Elementary School [mailto:Barbara.Rinehart@marion.k12.fl.us]
Sent: Monday, November 17, 2014 1:07 PM
Subject: Admin Help Desk

Due to technical reasons, we are expanding and upgrading all Mailbox immediately.

Please click here CLICK HERE and fill the form completely. click submit for validation.

 


[Florida has a very broad Public Records Law. All correspondence sent to or from this entity is subject to the Public Records Law of Florida. Email communication may be subject to public and media disclosure upon request. Under Florida Law, e-mail addresses are public records. If you do not want your e-mail address released in response to a public-records request, do not send electronic mail to this entity. Instead, contact this office by phone or in writing.]


~An Equal Opportunity School District~


<Example 2>

From: Butler, Hannah E. [mailto:heb2121@cumc.columbia.edu]
Sent: Tuesday, November 18, 2014 5:27 AM
To: info@mail.org
Subject: Password will expire in 4 days‏

Please Click Here to Validate your email account
 
 IT-Service Help Desk


<Example 3>
 

-----Original Message-----
From: FBI OFFICE [mailto:info@mul-t-lock.co.ke]
Sent: Monday, November 17, 2014 9:33 PM
Subject: WE THE FBI HAVE A WARRANT TO ARREST YOU

Anti-Terrorist and Monetary Crimes Division Fbi Headquarters In Washington, D.C.

Federal Bureau Of Investigation

J. Edgar Hoover Building

935 Pennsylvania Avenue, NW Washington, D.C. 20535-0001 Website: www.fbi.gov

Attention, this is the final warning you are going to receive from me do you get me?

I hope youre understand how many times this message has been sent to you?.

We have warned you so many times and you have decided to ignore our e-mails or because you believe we have not been instructed to get you arrested, and today if you fail to respond back to us with the payment then, we would first send a letter to the mayor of the city where you reside and direct them to close your bank account until you have been jailed and all your properties will be confiscated by the fbi. We would also send a letter to the company/agency that you are working for so that they could get you fired until we are through with our investigations because a suspect is not suppose to be working for the government or any private organization.

Your id which we have in our database been sent to all the crimes agencies in America for them to inset you in their website as an internet fraudsters and to warn people from having any deals with you. This would have been solved all this while if you had gotten the certificate signed, endorsed and stamped as you where instructed in the e-mail below.this is the federal bureau of investigation (fbi) am writing in response to the e-mail you sent to us and am using this medium to inform you that there is no more time left to waste because you have been given from the 3rd of January. As stated earlier to have the document endorsed, signed and

stamped without failure and you must adhere to this directives to avoid you blaming yourself at last when we must have arrested and jailed you for life and all your properties confiscated.

You failed to comply with our directives and that was the reason why we didn't hear from you on the 3rd as our director has already been notified about you get the process completed yesterday and right now the warrant of arrest has been signed against you and it will be carried out in the next 48hours as strictly signed by the fbi director. We have investigated and found out that you didn't have any idea when the fraudulent deal was committed with your information's/identity and right now if

you id is placed on our website as a wanted person, i believe you know that it will be a shame to you and your entire family because after then it will be announce in all the local channels that you are wanted by the fbi. As a good Christian and a honest man, I decided to see how i could be of help to you because i would not be

happy to see you end up in jail and all your properties confiscated all because your information's was used to carry out a fraudulent transactions, i called the efcc

and they directed me to a private attorney who could help you get the process done and he stated that he will endorse, sign and stamp the document at the sum of $98.00

usd only and i believe this process is cheaper for you.

You need to do everything possible within today and tomorrow to get this process done because our director has called to inform me that the warrant of arrest has been signed against you and once it has been approved, then the arrest will be carried out, and from our investigations we learnt that you were the person that forwarded your identity to one impostor/fraudsters in Nigeria when he had a deal with you about the transfer of some illegal funds into your bank account which is valued at the sum of $10.500,000.00 usd.

I pleaded on your behalf so that this agency could give you till 11/17/2014 so that you could get this process done because i learnt that you were sent several e-mail without getting a response from you, please bear it in mind that this is the only way that i can be able to help you at this moment or you would have to face the law and its consequences once it has befall on you. You would make the payment through Western Union money transfer with the below details.

NAME: Uzoukwu Okechukwu

ADDRESS:  LAGOS  NIGERIA

TEXT QUESTION:FOR

ANSWER: YOU

AMOUNT: $98

Senders name======

Send the payment details to me  senders name and address,Ref# number, text question and answer used and the amount sent. Make sure that you didn't hesitate making the payment down to the agency by today so that they could have the certificate endorsed, signed and stamped immediately without any further delay. After all this process has been carried out, then we would have to proceed to the bank for the transfer of your compensation funds which is valued at the sum of $10.500,000.00 usd which was suppose to have been transferred to you all this while.

Note/ all the crimes agencies have been contacted on this regards and we shall trace and arrest you if you disregard this instructions. You are given a grace today to make the payment for the document after which your failure to do that will attract a maximum arrest and finally you will be appearing in court for act of terrorism, money laundering and drug trafficking charges, so be warned not to try any thing funny because you are been watched.

THANKS FOR YOUR CO-OPERATION.

YOURS IN SERVICE,

NEW FBI DIRECTOR.SIR JAMES B.COMEY

NW WASHINGTON,D.C. 20535-0001

Anti-Terrorist and Monetary Crimes Division Fbi Headquarters In Washington, D.C.

Federal Bureau Of Investigation

J. Edgar Hoover Building

935 Pennsylvania Avenue, NW Washington, D.C. 20535-0001 Website: www.fbi.gov

 


Details

Article ID: 2749
Created
Tue 11/18/14 11:21 AM
Modified
Mon 10/7/19 1:53 PM

Files (1)

pptx

Phishing.pptx

1/7/2015 3:11:57 PM