Phishing Example: Help Desk Notice

March 4, 2016

What makes this a Phishing message?

  • The weird special characters in the subject line are highly suspicious.
  • The sender of the message has been forged to appear to be from a real person in the Capistrano school district (the name has been changed).  The culprit who sent this message didn't bother to readdress it from a person in the "berkeley.edu" domain.
  • The recipient address is an email alias ("info") in an unknown domain ("@live.com").  You would expect a notification such as this to be sent directly to the person's address.
  • The red font color, the poor grammar, and the weird special characters in the body of the message are all very suspicious.
  • The "Click Here" link leads to a malicious website.


Original Message:

Subject: Help Desk​ Notice.
From: "Doe, Jane J." <jjdoe@capousd.org>
Date: 3/4/2016 4:00 PM
To: "info@live.com" <info@live.com>

We detected unknown IP access on our date base computer system our security requires you to verify your account for secure security kindly Click Here and verify your account. 
​
Help Desk​
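The header-level warning signs listed above (invisible characters in the subject, a sender outside "berkeley.edu", and a recipient address that is not the person's own) can be checked mechanically. The Python below is an added example, not part of the original notice. The `delivered_to` parameter, the `user@berkeley.edu` address, and the reading of the subject's invisible character as U+200B are assumptions.

```python
import unicodedata
from email import message_from_string, policy

# Constructed sample: headers of the message shown on this page. The invisible
# character in the subject is assumed to be a zero-width space (U+200B).
SAMPLE = (
    "Subject: Help Desk\u200b Notice.\n"
    'From: "Doe, Jane J." <jjdoe@capousd.org>\n'
    'To: "info@live.com" <info@live.com>\n'
    "\n"
    "(body omitted)\n"
)

def in_domain(domain, org_domain):
    """True if domain is org_domain or one of its subdomains."""
    domain, org_domain = domain.lower(), org_domain.lower()
    return domain == org_domain or domain.endswith("." + org_domain)

def header_indicators(raw, delivered_to, org_domain="berkeley.edu"):
    """Return the header-based warning signs found in one raw message.

    delivered_to is the mailbox that actually received the message
    (hypothetical parameter; a mail gateway would supply it).
    """
    msg = message_from_string(raw, policy=policy.default)
    found = []

    # 1. Invisible "format" characters (Unicode category Cf) in the subject.
    hidden = [c for c in str(msg["Subject"] or "") if unicodedata.category(c) == "Cf"]
    if hidden:
        found.append("subject contains invisible characters: "
                     + ", ".join(f"U+{ord(c):04X}" for c in hidden))

    # 2. A help desk notice whose sender is outside the organization's domain.
    senders = msg["From"].addresses if msg["From"] else ()
    if not any(in_domain(a.domain, org_domain) for a in senders):
        found.append("sender is not in " + org_domain)

    # 3. The message is not addressed to the mailbox that received it.
    to = msg["To"].addresses if msg["To"] else ()
    if delivered_to.lower() not in {a.addr_spec.lower() for a in to}:
        found.append("not addressed directly to the recipient")
    return found

if __name__ == "__main__":
    for line in header_indicators(SAMPLE, "user@berkeley.edu"):
        print("-", line)
```

These checks cover the headers only; the font color, grammar, and link destination mentioned in the list are not examined.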

Warning: The links and email addresses included in these messages are from real-life examples. Do not attempt to explore them.

The most dangerous links have been removed - you can hover your cursor over these links to see the original address in a pop-up techtip (instead of in the corner of the browser window).

Report suspected phishing emails to consult@berkeley.edu.  Be sure to include the entire text of the message, including the email header.