Phish Tank
Cyber criminals use a variety of tricks to disguise themselves as legitimate companies, your colleagues, and people you would normally trust. Make sure you know who you are really communicating with and be careful of suspicious links. Phishing is a kind of Social Engineering attack in which a bad actor poses as a trusted or reputable source and sends fraudulent emails with the intent of manipulating individuals into revealing personal or protected information, or with the intent of gaining unauthorized access to a system through a download or link.
The Phish Tank is a compilation of recent emails that were reported to GSC Information Technology and have been verified as malicious phishing attempts against our college. If you receive a suspicious email that appears to be a phishing attempt, please forward it to cybersecurity@gordonstate.edu. If you mistakenly provided credentials to a phishing email, please change your network password immediately.
Tips to Avoid Being a Victim of Phishing
- When in doubt, throw it out: Links in email, tweets, posts and online advertising are often how cybercriminals try to compromise your information. If it looks suspicious, even if you know the source, it’s best to delete.
- Be wary of communications that implores you to act immediately, offers something that sounds too good to be true or asks for personal information.
- Don’t reveal personal or financial information in an email, and do not respond to email solicitations for this information. This includes following links sent in email.
- Pay attention to the website’s URL (hover your mouse over the URL to identify the “real” link – it should appear in the tooltip). Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com versus .net).
- Most phishing emails will contain bad grammar or misspelled words (the email that was sent below is a good example)
- If you are unsure whether an email request is legitimate, try to verify it by contacting the person/company directly via phone. Also, search for the company online – but not with information provided in the email.
Phishing Examples:
2018-10-28 | Phishing Message
Subject: URGENT or Hello
Are you Available?
Sent from myMail for iOS
2018-09-25 | Phishing Message
Subject: Re: Re: new sections
Unable to display this message
[link]: Click here to open this message
2018-05-13 | Phishing Message
[Attachment] One Drive.2docx(4).docx
Hello,
Please find attached the Look Ahead files for Friday 11 May 2018
Thank You
2018-04-10 | Phishing Message
Subject: Employee 2018 Policy Updates
Hello. Kindly [link] Sign In and review our Employee 2018 Policy Updates.
Thanks
Admin © 2018 ADP America, Inc. All Rights Reserved
2018-02-28 | Phishing Message
Subject: Kind Assistance
Good morning,
Hope my mail find you well?
Kindly assist me transfer $560 into my attorney bank account stated below and forward to me the receipt.
Bank Info:
Bank Name: Chase Bank
Account Number: 951375885.
Account Name: Donna maiello.
Routing Number: 267084131.
Bank address: 19001 Bruce b downs Blvd Tampa,Fl 33647. USA
I would request your bank details next week and refund back.
Thank you.
2018-02-08 | Phishing Message
Subject: ACTION REQUIRED: MAILBOX UGRADE
Dear User,
This is to inform you that microsoft Outlook will discontinue support on
your account and security and you will no longer have access to many of the latest
features for improved conversations, contacts, and attachments.
Take a minute to update your account for a faster, safer and full-featured
Microsoft Outlook experience
[Link] Update Your Account
sincerely
Outlook.com Team
Microsoft respects your privacy, [Link] review our online privacy statement