Phishing Example: U.S. Dept. of Labor "Record Update"

January 18, 2016

What makes this a Phishing message?

There are many clues to indicate this is a phish - don't be fooled by the official-looking emblem, or by messages requiring "urgent" action:

  • The "." at the end of the subject line is suspicious
  • The message does not have a signature from a real person to indicate who it is from
  • Hover your cursor over the "Update" link - the "http://www.labour-department.info" address is highly suspect in many ways:
    • No "https" protocol for secure communication
    • "labour" is misspelled (unless you live in a British Commonwealth country)
    • ".info" suffix should be ".gov"

No legitimate business or government entity should ever request personal information to be updated online.
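
The link checks listed above can also be run mechanically. The following is an added example, not part of the original advisory: it compares each link in a message against the domain the From header claims. The sample message is constructed from the headers and text shown on this page, with the "Update" link rebuilt around the address quoted above; the names LinkCollector and link_findings are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: headers and body text from the message on this page,
# with the "Update" link rebuilt as HTML around the address the page quotes.
SAMPLE = """\
Subject: Record Update.
From: "Dept. Of Labor" <records@dol.gov>
Content-Type: text/html

<p>This is an urgent request to update your employment record.</p>
<p><a href="http://www.labour-department.info">Update</a></p>
"""

class LinkCollector(HTMLParser):
    """Collects href targets so they can be inspected; nothing is fetched."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def link_findings(raw_message):
    """Return (url, [reasons]) for each link that fails the checks above."""
    msg = message_from_string(raw_message)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    findings = []
    for url in collector.hrefs:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        reasons = []
        if parts.scheme != "https":
            reasons.append("not https")
        # The host must be the From domain itself or a subdomain of it.
        if host != sender_domain and not host.endswith("." + sender_domain):
            reasons.append(f"host {host} is not under From domain {sender_domain}")
        # A sender claiming a .gov address should link to .gov hosts.
        if sender_domain.endswith(".gov") and not host.endswith(".gov"):
            reasons.append("claimed .gov sender, link is not .gov")
        if reasons:
            findings.append((url, reasons))
    return findings

if __name__ == "__main__":
    print(link_findings(SAMPLE))
```

The From address is used here only as the identity the message claims; the header itself can be forged, so a passing result does not prove the sender is genuine.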

Original Message:

Subject: Record Update.
From: "Dept. Of Labor" <records@dol.gov>
Date: 1/18/2016 1:57 PM
To: undisclosed-recipients:;



This is an urgent request to update your employment record at the U.S Department of Labor.

Update 

Thank you

U.S Dept. of Labor
Frances Perkins Building, 
200 Constitution Ave., NW, 
Washington, DC 20210

Warning: The links and email addresses included in these messages are from real-life examples. Do not attempt to explore them.

The most dangerous links have been removed - you can hover your cursor over these links to see the original address in a pop-up techtip (instead of in the corner of the browser window).

Report suspected phishing emails to consult@berkeley.edu. Be sure to include the entire text of the message, including the email header.