Santa Clara University

Information Security Office

Phishing Examples


A Phishing Guide: Don't Get Fooled by Emails

Don't know what phishing emails look like? Well, you've come to the right place! Here, you will find examples of phishing emails and how to spot them.

  •  10 Million Dollars for You!

    Monday, Jul. 21, 2014

    The sender of this email is claiming that after you give them your personal information (full name, address, phone, valid ID, occupation, age/sex), you will receive a Visa ATM Card with ten million dollars on it! Now that sounds way too good to be true. Here's why:

    The first major red flag is that the email is asking for personal information for a bank in Benin Republic, which is a country in Africa, as "quickly as possible". Secondly, how do you have ten million dollars waiting for you? That sounds like the beginning of a scam. Don't fall for it. Also, the email is sent from abuse@scu.edu, even though the sender is in Benin, Africa. 

    The verdict: this is a phishing scam.

     
  •  Church Work Phish

    Wednesday, Jul. 2, 2014

    The Information Security Office recently received a phishing email. How did we know that it was a phishing email?

    After reading through the first paragraph of the email, notice that there are grammatical errors and the wording is very strange. The second paragraph also has grammatical errors. It tries to get people to reply to the email by saying that the woman's husband is dead, but rich. It's a typical my-husband-is-dead-but-I-got-his-money-and-I'm-giving-it-away phish. The third paragraph should be the most suspicious because it says "this fund is deposited in a bank in the country where my husband worked ...", so you have to give her your personal information so a lawyer can transfer it to you. Please remember to never give out personal information to suspicious emails. Last but not least, the basis of the donation was the user's "church work". But the ISO doesn't really do church work, so it's strange that someone would donate money for the ISO's "church work". Therefore, this is a phishing email.

    If you receive an email similar to this, PLEASE DO NOT RESPOND!

  •  Advanced Phishing Attack on Google Users

    Thursday, May. 15, 2014

    Recently, hackers have been targeting Google users' passwords in an advanced phishing scheme. If you receive an email from Google, please make sure it is legitimate. The scam starts with an email from "Google" with "Mail Notice" or "Lookout Notice" as the subject.

    The email reads: "This is a reminder that your email will be locked out in 24 hours, due to not being able to increase your email storage quota. Go to the INSTANT INCREASE to increase your Email storage automatically" (go to this blog post to see the email screenshot).

    If the user clicks on the INSTANT INCREASE link, the user gets redirected to a fake Google login page (see image in this blog post) where the user is then prompted to put in their credentials. Once the hackers get this information, they will have access to the victim's emails, Google documents, Google Play, Google+, etc. 

    People who are using the Google Chrome browser are at risk, as well as Mozilla Firefox users.

    Please visit this website for more information: http://www.cnbc.com/id/101668517

     

  •  Google Doc Phishing email

    Tuesday, May. 6, 2014

    A Google Doc email phishing scam is making the rounds. It tries to trick Gmail and Google Drive users into giving up the username and password for their Gmail account.

    The scam starts with an email that urges the recipient to view an "important document" on Google Docs by clicking on a link. But when the recipient clicks on the link, it does not go to Google Docs. Instead, the user gets directed to a fake Google Drive login page (a small difference that most users won't notice) that looks like the Gmail login page. Here, he or she is asked to enter the username and password for their Gmail account.

    The fake Google Drive login site looks eerily similar to the real one with Google's signature "One account. All of Google" slogan and the same little icons below for Gmail, Google Drive, Google Maps, Google+ etc.

    Symantec reports that the only difference seems to be that it doesn't recognize the user (with a photo, if you normally have that on your Gmail account), although that may not show up on the real site either, depending on whether you have cookies enabled.

    If the user logs in on the fake Google Drive site, their username and password are sent to a compromised web server. The page will redirect to an actual Google Docs document. The user may not notice anything suspicious, but logging in could have big consequences for their bank account.

    In the example posted (click on the thumbnail to view the example), the sender is urging the recipient to click on the Google Doc.

    Phishing Tip: To avoid becoming a victim of a phishing attack (when scammers try to obtain people's personal and financial information), never click on a link or attachment in an email from a sender you don't recognize.





Information Security Office, 1-408-554-5554, iso@scu.edu