Phishing Example: UCB-HR "Your New Salary Notification"

December 10, 2015

What makes this a Phishing message?

  • The sender's address looks authentic, but a From address is easily forged
  • The subject line is a giveaway: the HR Dept. would never send an "URGENT" salary notification via email
  • "Marquette University"..?  "hence"..?  Really..?
  • The punctuation is missing at the end of each sentence
  • The link to "gabrielramon.be" is not a university address
  • The "Faithfully" signature is unprofessional, and the fact that the message is not from a real person is another indication of a phish

Original Message:

From: UCB-HR <HR@berkeley.edu>
Date: Thu, Dec 10, 2015 at 7:22 AM
Subject: URGENT: Your New Salary Notification
To: <recipient's name removed>@berkeley.edu

Hello, You have an important email from the Human Resources Department with regards to your December 2015 Paycheck

This email is enclosed in the Marquette University secure network, hence access it below

Access the documents here <http://gabrielramon.be/<link removed>

***Ensure your login credentials are correct to avoid cancellations**

Faithfully
Human Resources
University of California, Berkeley
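
Several of the indicators listed above can be checked mechanically. The following is an added example, not part of the original page or of any UC Berkeley tooling: it parses a constructed, abridged copy of the message and reports the indicators it finds. The function names, the keyword list, and the `org_domain` and `org_names` defaults are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed, abridged copy of the message above; the URL path is a
# placeholder because the page removed the original link.
SAMPLE = """\
From: UCB-HR <HR@berkeley.edu>
Subject: URGENT: Your New Salary Notification
To: recipient@berkeley.edu

This email is enclosed in the Marquette University secure network, hence access it below

Access the documents here <http://gabrielramon.be/link-removed>

Faithfully
Human Resources
University of California, Berkeley
"""

URGENCY = re.compile(r"\b(urgent|immediately|action required)\b", re.I)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)
INSTITUTION = re.compile(r"\b(?:University of [A-Z]\w+|[A-Z]\w+ University)\b")

def host_in_org(host, org_domain):
    """True only for the org domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == org_domain or host.endswith("." + org_domain)

def phishing_indicators(raw, org_domain="berkeley.edu", org_names=("University of California",)):
    """Return the list of indicators found in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    findings = []
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if host_in_org(sender_domain, org_domain):  # From is forgeable, so this proves nothing
        findings.append("from-claims-org-domain")
    if URGENCY.search(msg.get("Subject", "")):
        findings.append("urgent-subject")
    for url in URL.findall(body):
        host = urlsplit(url).hostname
        if not host_in_org(host, org_domain):
            findings.append(f"external-link:{host}")
    for name in sorted(set(INSTITUTION.findall(body))):
        if not any(name in own or own in name for own in org_names):
            findings.append(f"other-institution:{name}")
    return findings
```

The suffix check in `host_in_org` compares on a dot boundary, so a lookalike host that merely starts or ends with the university's name is still reported as external.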

Warning: The links and email addresses included in these messages are from real-life examples. Do not attempt to explore them.

The most dangerous links have been removed - you can hover your cursor over these links to see the original address in a pop-up tooltip (instead of in the corner of the browser window).

Report suspected phishing emails to consult@berkeley.edu.  Be sure to include the entire text of the message, including the email header.