Santa Clara University

Information Security Office

Phishing Examples


A Phishing Guide: Don't Get Fooled by Emails

Don't know what phishing emails look like? Well, you've come to the right place! Here, you will find examples of phishing emails and how to spot them.

  •  Advanced Phishing Attack on Google Users

    Thursday, May. 15, 2014

    Recently, hackers have been targeting Google users' passwords in an advanced phishing scheme. If you receive an email from Google, please make sure it is legitimate. The scam starts with an email from "Google" with "Mail Notice" or "Lookout Notice" as the subject.

    The email reads: "This is a reminder that your email will be locked out in 24 hours, due to not being able to increase your email storage quota. Go to the INSTANT INCREASE to increase your Email storage automatically" (go to this blog post to see the email screenshot).

    If the user clicks on the INSTANT INCREASE link, the user gets redirected to a fake Google login page (see image in this blog post) where the user is then prompted to put in their credentials. Once the hackers get this information, they will have access to the victim's emails, Google documents, Google Play, Google+, etc. 

    People who are using the Google Chrome browser are at risk, as well as Mozilla Firefox users.

    Please visit this website for more information: http://www.cnbc.com/id/101668517

     

  •  Google Doc Phishing email

    Tuesday, May. 6, 2014

     A Google Doc email phishing scam is making the rounds. It tries to trick Gmail and Google Drive users into giving up the username and password for their Gmail account.

    The scam starts with an email that urges the recipient to view an "important document" on Google Docs by clicking on a link. But when the recipient clicks on the link, it does not go to Google Docs. Instead, the user gets directed to a fake Google Drive login page (a small difference that most users won't notice) that looks like the Gmail login page. Here, he or she is asked to enter the username and password for their Gmail account.

    The fake Google Drive login site looks eerily similar to the real one with Google's signature "One account. All of Google" slogan and the same little icons below for Gmail, Google Drive, Google Maps, Google+ etc.

    Symantec reports the only difference seems to be that it doesn't recognize the user (with a photo, if you normally have that on your Gmail account, although that may not show up on the real site, either, depending on whether you have cookies enabled).

    If the user logs in on the fake Google Drive site, their username and password are sent to a compromised web server. The page will redirect to an actual Google Docs document. The user may not notice anything suspicious, but logging in could have big consequences for their bank account.

    In the example posted (click on the thumbnail to view the example), the sender is urging the recipient to click on the Google Doc.

    Phishing Tip: To avoid becoming a victim of a phishing attack (when scammers try to obtain people's personal and financial information), never click on a link or attachment in an email from a sender you don't recognize.





  •  Foreign Language Phishing Example

    Thursday, May. 1, 2014

    Have you ever gotten an email in a language that you couldn't read? It is most likely a phishing email or spam. Please remember: DO NOT CLICK ON THE LINKS if there are any. If you can't understand the email, you shouldn't be clicking on anything. Just mark the email as spam and delete it from your inbox.

    The example image is a Turkish phishing email.

    Tip: If an email subject title seems strange or foreign, don't even bother to click on the email. Just mark it as spam and delete it. You don't know what will happen if you click on the email. 

Information Security Office, 1-408-554-5554, iso@scu.edu