Phishing Example: "Dear Email User" Expired Password Ploy

February 9, 2016

What makes this a Phishing message?

  • It is inappropriate to address the recipient as "Dear Email User" and put the message salutation in the subject line. 
  • The sender address has been forged to appear to be from a real person within the "Seed School Maryland" organization (the name has been changed to "John Doe").  As is common, the real sender didn't bother to forge the message from a "berkeley.edu" email account.
  • The message has been sent to an email alias ("admin") in an unknown domain ("@notice.org"), instead of being specifically addressed to the recipient.
  • The "Click Here" link redirects the user to a malicious website.
  • Legal disclaimers, such as the one below, are typically intended to obfuscate the real intent of the phishing message.


Original Message:

Subject: Dear Email User
From: John Doe <jdoe@seedschoolmd.org>
Date: 2/9/2016 5:38 PM
To: "admin@notice.org" <admin@notice.org>

Your password will expire in 2 days, Click Here
to re-change your password immediately.

Thank you,
IT- Help Desk


SEED IS PROUD TO BE A 21st CENTURY COMMUNITY LEARNING CENTER.
LEGAL DISCLAIMER - The information contained in this communication (including any attachments) may be confidential and legally privileged. This email may not serve as a contractual agreement unless explicit written agreement for this purpose has been made. If you are not the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication or any of its contents is strictly prohibited. If you have received this communication in error, please re-send this communication to the sender indicating that it was received in error and delete the original message and any copy of it from your computer system.

Warning: The links and email addresses included in these messages are from real-life examples. Do not attempt to explore them.

The most dangerous links have been removed. You can hover your cursor over these links to see the original address in a pop-up tooltip (instead of in the corner of the browser window).

Report suspected phishing emails to consult@berkeley.edu. Be sure to include the entire text of the message, including the email header.
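The header and wording indicators listed at the top of this page can also be checked mechanically when triaging reported mail. The following Python code is an added example, not part of the original advisory: the `ORG_DOMAIN` value, the regular expressions and the function names are assumptions made for illustration, and the sample is the message quoted above. The link destination is not checked because it was removed from the page.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "berkeley.edu"  # assumption: the recipient organization's mail domain

# Assumed patterns for the wording this page calls out.
GENERIC_SALUTATION = re.compile(
    r"\bdear\s+(e-?mail\s+)?(user|customer|member|account\s+holder)\b", re.I)
PASSWORD_LURE = re.compile(r"\bpassword\b.{0,40}\bexpir(e|es|ed|ing)\b", re.I | re.S)
LINK_CUE = re.compile(r"\bclick\s+here\b", re.I)

def domain_of(header_value):
    """Lower-cased domain of the address in a From/To header ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def in_org(domain):
    return domain == ORG_DOMAIN or domain.endswith("." + ORG_DOMAIN)

def text_body(msg):
    """Concatenate the decoded text parts (single-part or multipart message)."""
    parts = [p for p in msg.walk() if p.get_content_maintype() == "text"]
    return "\n".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace")
                     for p in parts)

def phishing_indicators(raw_message):
    """Return which of the page's indicators the raw message matches."""
    msg = message_from_string(raw_message)
    body, found = text_body(msg), []
    if GENERIC_SALUTATION.search(msg.get("Subject", "")):
        found.append("generic salutation in subject")
    if not in_org(domain_of(msg.get("From"))):
        found.append("sender outside " + ORG_DOMAIN)
    if not in_org(domain_of(msg.get("To"))):
        found.append("recipient address outside " + ORG_DOMAIN)
    if PASSWORD_LURE.search(body) and LINK_CUE.search(body):
        found.append("password-expiry lure behind generic link text")
    return found

# The message quoted on this page, headers and body as shown there.
SAMPLE = """Subject: Dear Email User
From: John Doe <jdoe@seedschoolmd.org>
Date: 2/9/2016 5:38 PM
To: "admin@notice.org" <admin@notice.org>

Your password will expire in 2 days, Click Here
to re-change your password immediately.
"""

if __name__ == "__main__":
    for hit in phishing_indicators(SAMPLE):
        print("indicator:", hit)
```

A match on any single indicator is weak evidence on its own; the sample stands out because all four fire together.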