What makes this a Phishing message?
This fairly sophisticated spear phishing attack was specifically targeted at academic staff. The link to the first article directed the recipient to a counterfeit CalNet login page. Fortunately, the recipients noticed some discrepancies:
- The sender's address is suspicious (e.g., "ualberta.com" is misspelled "ulberta.com")
- The subject line indicates the message is a response to a previous message with no subject line, which is pretty strange considering the sender initiated the conversation
- In the link to the first article, the URL of the CalNet login page is wrong in many, many ways (visit the "How to Detect the Authentic CalNet Login Page" to learn more)
The bad guys who sent this message made some effort to make it appear to be authentic:
- The original name of the email sender (aka "John Doe") was an actual faculty member at the University of Alberta
- The second article links to a real research paper
Original Message:
Date: Sat, 2 Jan 2016 09:58:07 GMT
Dear Dr. <recipient's name removed>;
I recently read your last article and it was very useful in my field of research. I wonder, if possible, to send me these articles to use in my current research:
1- http://auth.berkeley.eduh.in/<link removed>
2- http://www.sciencedirect.com/science/article/pii/S1644966515000825
Thanks for you Cooperation in Advance.
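The two domain discrepancies noted above (a misspelled sender domain, and a link whose host only begins with the real name) can be checked mechanically. The following is an added example, not part of the original advisory; the EXPECTED list, the function names and the sender's local part are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: names the recipient expects to see (not a list from the page).
EXPECTED = ("berkeley.edu", "ualberta.com")

def edit_distance(a, b):
    """Levenshtein distance, used to catch near-miss spellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host, expected=EXPECTED):
    """Return 'expected', 'lookalike' or 'unrelated' for a hostname."""
    host = host.lower().rstrip(".")
    # Only an exact match or a true subdomain counts as the real site.
    if any(host == d or host.endswith("." + d) for d in expected):
        return "expected"
    for d in expected:
        # Expected name embedded in a host that ends in some other domain.
        if d in host:
            return "lookalike"
        # Last labels of the host are within two edits of the expected name.
        tail = ".".join(host.split(".")[-(d.count(".") + 1):])
        if edit_distance(tail, d) <= 2:
            return "lookalike"
    return "unrelated"

def check_message(sender, body):
    """Classify the sender's domain and each http(s) link in the body."""
    results = {sender: classify_host(sender.rsplit("@", 1)[-1])}
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        results[url] = classify_host(urlsplit(url).hostname or "")
    return results

# Sender address is constructed; the links are the two from the message,
# with the removed path left out.
SENDER = "john.doe@ulberta.com"
BODY = """1- http://auth.berkeley.eduh.in/
2- http://www.sciencedirect.com/science/article/pii/S1644966515000825"""

if __name__ == "__main__":
    for item, verdict in check_message(SENDER, BODY).items():
        print(f"{verdict:10} {item}")
```

The hostname is compared from the right-hand end because that is where the registered domain sits; "auth.berkeley.eduh.in" is a host under "eduh.in", however it begins.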