Phishing Simulation Examples

14th Phishing Email: November 29, 2016 – December 6, 2016 – Order Not Processed

• This was sent the Tuesday after Thanksgiving / Cyber Monday. Since many people do holiday shopping at this time of year, many bad actors take this as an opportunity to phish. Always double check before opening any email attachments, links, or websites during “susceptible” seasons, such as the holidays or tax season.
• The sender’s email address domain, universitysupport.org, is not Hofstra’s (hofstra.edu) so that’s a first indication that this could be a suspicious email. However, keep in mind that there are ways in which a cyber thief can create a domain that looks legitimate, so always be wary of links in an email regardless of who it’s from!
• Phishing emails tend to give a sense of urgency to lead you to believe you have to click on a link right away. For example, words like “DO NOT DELAY” bring up a feeling of having to address the issue right away. Be careful of emails that have that tone.
• If you’re not sure if an email is legitimate, call the institution that you think is sending it. In this case, it may sound like it’s from Hofstra, but it’s not. You can call the Help Desk at 516-463-7777 to confirm a suspicious email you think is from someone purporting to be Hofstra.

***

13th Phishing Email: June 15, 2016 – June 22, 2016 – Payroll Account Verification

• The sender’s email address domain, universitysupport.org, is not Hofstra’s (hofstra.edu) so that’s a first indication that this could be a suspicious email. However, keep in mind that there are ways in which a cyber thief can create a domain that looks legitimate, so always be wary of links in an email regardless of who it’s from!
• Phishing emails tend to give a sense of urgency to lead you to believe you have to click on a link right away. For example, words like “DO NOT DELAY” bring up a feeling of having to address the issue right away. Be careful of emails that have that tone.
• If you’re not sure if an email is legitimate, call the institution that you think is sending it. In this case, it may sound like it’s from Hofstra, but it’s not. You can call the Help Desk at 516-463-7777 to confirm a suspicious email you think is from someone purporting to be Hofstra.

***

Phishing Simulation Examples

12th Phishing Email: April 1, 2016 – April 6, 2016 – Microsoft Account Suspension

• The sender’s email address domain, universitysupport.org, is not Hofstra’s (hofstra.edu) so that’s a first indication that this could be a suspicious email. However, keep in mind that there are ways in which a cyber thief can create a domain that looks legitimate, so always be wary of links in an email regardless!
• Phishing emails tend to give a sense of urgency to lead you to believe you have to click on a link right away. For example, words like “DO NOT DELAY” bring up a feeling of having to address the issue right away. Be careful of emails that have that tone.
• If you’re not sure if an email is legitimate, call the institution that you think is sending it. In this case, it may sound like it’s from Hofstra, but it’s not. You can call the Help Desk at 516-463-7777 to confirm a suspicious email you think is from someone purporting to be Hofstra.

***

11th Phishing Email: February 1, 2016 – February 6, 2016 – Package on hold

• The sender’s email address domain, universitysupport.org, is not Hofstra’s (hofstra.edu) so that’s a first indication that this could be a suspicious email. However, keep in mind that there are ways in which a cyber thief can create a domain that looks legitimate, so always be wary of links in an email regardless!
• Phishing emails tend to give a sense of urgency to lead you to believe you have to click on a link right away. For example, words like “DO NOT DELAY” and “avoid having your package sent back” bring up a feeling of having to address the issue right away. Be careful of emails that have that tone.
• If you’re not sure if an email is legitimate, call the institution that you think is sending it. In this case, it may sound like it’s from Hofstra, but it’s not. You can call the Help Desk at 516-463-7777 to confirm a suspicious email you think is from someone purporting to be Hofstra.

***

Tenth Phishing Email: October 12, 2015-October 19, 2015 – Campus wi-fi

• The sender’s email address domain, universitysupport.org, is not Hofstra’s (hofstra.edu) so that’s a first indication that this could be a suspicious email. However, keep in mind that there are ways in which a cyber thief can create a domain that looks legitimate, so always be wary of links in an email regardless!
• Phishing emails tend to give a sense of urgency to lead you to believe you have to click on a link right away. For example, words like “DO NOT DELAY” and “register your device by October 17” bring up a feeling of having to address the issue right away. Be careful of emails that have that tone.
• If you’re not sure if an email is legitimate, call the institution that you think is sending it. In this case, it may sound like it’s from Hofstra, but it’s not. You can call the Help Desk at 516-463-7777 to confirm a suspicious email you think is from someone purporting to be Hofstra.

***

Ninth Phishing Email: August 27, 2015 – Wifi Access for Fall 2015

• The email where this came from should immediately give you a clue that this is a phish. It doesn’t appear that it’s from Hofstra University.
• Note that the IT Department will have the Help Desk banner on top of all its messages.
• As always, be wary of links. Hovering over the link shows a suspicious URL that says : “http://e325nmp3.itpatches.com/fbb488/?login_id=1991d99a-e581-463b-af39-6f956c52ed5e”

***

Eighth Phishing Email: July 28, 2015 – Survey for a Columbia Multisport Jacket

• Note that it says “Health Benefits Group” however the email address indicates that it’s from the domain “healthyemployee.me”. This should automatically alert you that this is communication that does not originate from Hofstra.
• You should always be wary of links or attachments on an email, no matter who it’s from. Always try to think of the possibility of extracting
• If you’re not sure whether an email is a potential phish or not, contact the Help Desk at 516-463-7777.

***

Seventh Phishing Email: June 25, 2015 – Password will expire in 3 days

• Even though it says “Information Technology” is the sender of this email, look carefully at the email address found within the < > brackets. Since it is not even from a hofstra.edu domain, this should be the first indicator that this is a suspicious email.
• The subject indicates that your password will expire in three days. Many phishing emails try to invoke a sense of urgency to force you to click on a link. Remember, you can hover over a link to see whether or not it has a questionable URL.
• If you still are not sure, call the Help Desk at 3-7777 to ensure that the email you’re receiving is not a malicious one.

***

Sixth Phishing Email: March 31, 2015 – New DigitalFax message

• This one is tricky because it looks legitimate. As always, be cautious of unexpected emails and emails with links. If you were expecting something, contact the person and ask if they sent it through this service.
• If you’re not sure, it’s best to err on the side of caution. You can report it to phishing@hofstra.edu. You can also use the PhishMe Reporter button found on your Outlook client. The button has this icon:
  
  

Good to Know:

The education piece on this email explained what Ransomware is.

What is Ransomware?

Ransomware is a type of malware that holds information hostage in an attempt to extort money for its release. This type of malware has grown in sophistication and will now completely encrypt all files on your computer and network drives. In many cases, these files cannot be retrieved.

How does it spread?

Ransomware is typically spread through phishing emails that contain malicious attachments. These emails appear to come from a legitimate source and give a compelling reason that the document is important. Malicious attachments are often PDF files that are zipped and appear as invoices, voice messages, or other work-related files.

In some cases, Ransomware may end up on your computer by visiting infected web sites. To avoid malicious drive-by downloads, ensure that antivirus and all installed software is up-to-date.

What does it do?

Once ransomware has been installed on a computer, it will encrypt files on the computer as well as data on files servers. Once it has finished encrypting files, a message will be displayed for the user with instructions for retrieving lost files. In some cases the message will imply that the FBI, US Department of Justice, or some other government agency encrypted your files due to illegal activity. In other cases, the criminals will state up-front that they have illegally encrypted your files and the only way to retrieve them is by paying the ransom.

How to prevent being a victim

• Under NO circumstances should you follow any provided links or contact the criminals by email.  
• Back-up your files regularly.
• Bookmark your favorite websites and access only via bookmarks. 
• Download email attachments from trusted sources.
• Use security software.

Sources:

• http://www.montana.edu/itcenter/beaware/ransomware.php
• https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/ransomware-101-what-it-is-and-how-it-works

*Please stay alert for any suspicious emails. More information about the Phishing Simulation Project as well as what are the indicators of a phishing email.***

Fifth Phishing Email: March 26, 2015 – Someone has shared an article with you

This email was a highly personalized email, where the highlighted fields below are adjusted to make it appear that the sender is actually a colleague.

1. The email says it’s from the Wall Street Journal, but you can see that the email address indicates share@nagts.org.
2. ALWAYS be cautious of attachments or links. If you are not expecting an email, the email is out of context, or something does not look right with the email, report the email or delete it.
3. This one is tricky because this was a highly personalized phishing email. It looks like someone from within the department actually shared an article with you. Worst case, give the colleague a call or a separate email (do NOT forward the suspicious email) to confirm whether or not he or she actually shared an article with you.

***

Fourth Phishing Email: March 17, 2015 – St. Patrick’s Day Behavior

1. The email says it’s from “Diane Stevens” but closer inspection of the email address, diane.stevens@hr-communication.com, indicates this is not an email address from Hofstra.
2. ALWAYS be cautious of attachments or links. If you are not expecting an email, the email is out of context, or something does not look right with the email, report the email or delete it.

*Please stay alert for any suspicious emails. If you want to know more about the Phishing Simulation Project as well as what are the indicators of a phishing email, click here.

***

Third Phishing Email: February 12, 2015 - Check eligibility for Computer Refresh program

Here is a phishing email that looked quite convincing and was purporting to be from Information Technology.

1. While the name indicates “Information Technology”, the email address states it@webaccess-alerts.net. This is not a Hofstra email address. If you’re not sure, do not click on anything and dial 516-463-7777 to confirm.
2. If an alert did come from our Hofstra’s Help Desk, it would have the typical Help Desk banner across the top of the email.
3. ALWAYS be cautious of links from unknown senders (referring to the first indicator). Do not impulsively click on links in an email.

*Please stay alert for any suspicious emails. If you want to know more about the Phishing Simulation Project as well as what are the indicators of a phishing email, click here.

***

Second Phishing Email: December 8, 2014 – Undeliverable Package Notification

This was a tricky one! What would have given you clues as to why this could be a Phishing Email?

1. Phishing attempts are high during the holiday season (Thanksgiving, Cyber Monday, Christmas). Be wary of emails and make sure they can be verified by the merchant you’re purchasing from.
2. You weren't expecting a package to be delivered.
3. The order number doesn't match any orders that you placed.
4. The email and delivery company (freightinternationalservices.com) is not familiar or cannot be verified by the vendor from whom you purchased an item.
5. This phishing simulation was sent on December 8^th. The “Order Date” says December 11^th.

*Stay tuned for the next simulated phishing email.
If you want to know more about the Phishing Simulation Project as well as what are the indicators of a phishing email, click here.

***

First Phishing Email: Google Documents Sharing Request

What would have given you clues as to why this could be a Phishing Email? 

1. Who is it from? It could say "James" but do you recognize the email address? Were you expecting an email from this person? If you're not sure if its legitimate or not, call the person or company you were expecting the email from for confirmation.
2. What does the subject say? Is it something you're expecting?
3. What does the body of the email say? Is it relevant to me? Is the grammar incorrect? The grammar is suspect in the above example.
4. When I hover over the link, does it go to a URL that I trust or is the same as the link text? In this case, it is tricky because it says "google.edoctransfer.com". Reading through the entire email with the bad grammar should have given away a clue that this is a phishing email. Remember, do not click on links from suspicious emails.

*Stay tuned for the next simulated phishing email.
More information about the Phishing Simulation Project, as well as what are the indicators of a phishing email.