
Sample Phishing E-mails

 

The examples below are taken from actual e-mails received by members of the UB community. Can you tell the difference between phishing attempts and legitimate e-mail?


Upgrade Warning


What to Notice:
  • Even though the sender appears to have a UB e-mail address, this is a phishing trick. UB does not use a "customer service" e-mail. 
  • The generic greeting (instead of your name)
  • The "Click Here to Upgrade" URL doesn't lead to a UB site (you can put your cursor over a link in an e-mail to see where the link leads). In the image below, note that the URL ends with ubalt.edu.htm, which is not the same as ubalt.edu.
    link

Account Error


What to Notice:
  • The "From" address is not consistent with the administrator address (which would appear more like webadmin@domain.com. In the case of UB, it would be ubalt.edu)
  • Furthermore, the e-mail addresses in the "From" and "reply-to" fields are on two different domains. A legitimate service would have all of its e-mail accounts on its own domain (for example, all UB administration e-mail will end with @ubalt.edu)
  • The generic "Email Owner" greeting instead of your name indicates that this could be a mass e-mail instead of a real warning to you
  • The link in the body of the email is not for the site which has issued the warning

Username and Password Request


What to Notice:
  • The request itself should raise alarm -- UB and other legitimate companies will never ask you for your password.
  • The URL leads to an external site completely unrelated to the sender's domain (docs.google.com, instead of guilford.edu)
  • The sense of urgency and threat of deactivation, to prompt you to act quickly instead of considering the risks

Security Violation


What to Notice:
  • The greeting, "Dear Account User," is generic instead of addressed to a specific person
  • The link in the body is not for a UB site (ubalt.edu) -- this goes to jimdo.com
  • Typos and grammatical errors
  • Sense of urgency/threat which requires immediate action

Quota Limit


What to Notice:
This one looks pretty convincing, but:
  • The best place to start is the "From" line: once again, it's not a ubalt.edu email address.
  • Check the link in the email by hovering your cursor over it: this link, shown in the image below, actually leads to a page at yolasite.com, which is not affiliated with UB.
    link
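
The checks listed in the samples above can also be automated on the mail-filtering side. The following is an added example, not part of the original page or any UB tooling: a short Python sketch that flags a non-ubalt.edu "From" domain, a "From"/"Reply-To" domain mismatch, a generic greeting, and links whose host is not ubalt.edu. The function names, indicator labels and sample message (which uses reserved example domains) are constructed for illustration, and the message is assumed to be single-part plain text.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED = "ubalt.edu"  # the organisation domain named on this page
# Generic greetings quoted in the samples above.
GENERIC = re.compile(r"^\s*dear\s+(account user|email owner)\b", re.I | re.M)

def domain_of(header_value):
    """Lowercase domain of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def is_trusted_host(host):
    """True only for ubalt.edu itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)

def phishing_indicators(raw):
    """Return indicator labels (hypothetical names) for one raw message."""
    msg = message_from_string(raw)
    payload = msg.get_payload()
    body = payload if isinstance(payload, str) else ""  # single-part only
    found = []
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    # A ubalt.edu From address can still be forged, so passing this check
    # alone proves nothing; failing it is a signal.
    if not is_trusted_host(from_dom):
        found.append("from-not-ubalt")
    if reply_dom and reply_dom != from_dom:
        found.append("reply-to-domain-mismatch")
    if GENERIC.search(body):
        found.append("generic-greeting")
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlparse(url).hostname or ""
        # Compare the parsed host, not the URL text: a path ending in
        # "ubalt.edu.htm" does not make the link a ubalt.edu link.
        if not is_trusted_host(host):
            found.append("external-link:" + host)
    return found

# Constructed sample message, not one of the e-mails shown on this page.
SAMPLE = """\
From: Web Admin <webadmin@example.net>
Reply-To: helpdesk@example.org
Subject: Account Error

Dear Email Owner,
Verify your mailbox at http://mail.example.test/ubalt.edu.htm
"""

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE))
```
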