The sophistication of phishing varies greatly. Our latest example is below.
There is nothing real about this. The email itself has a strange sender, there are issues with grammar, spelling, and punctuation. The link points to an unfamiliar URL. The email isn’t signed by an individual, just a title. Lastly, the content of the message doesn’t quite jive with what the College is doing, though it is coincidentally close.
The email, however, is clearly targeted at us in education. This is somewhere between “spear phishing”, where an organization is specifically targeted, and normal phishing. Unfortunately, it happens to coincide with the recent announcements of our migration to Google mail for faculty and staff, which makes to a tad more believable. If you click on the link, you are sent to a website that solicits a _lot_ of information:
Here the images are blurry, and the red flags are:
- It is not on a Holy Cross domain name.
- It is an insecure URL (no https).
- It is asking for your username and password.
- You arrived here from a shady email, not a trusted source.
If you fill this form out, the attackers empty your email account, and begin using your email account to spam others with similar messages.
If you happen to fall victim to this attack, please contact the Helpdesk at x. 3548.