
Phishing Examples 2018


Example of the latest gift card phishing email:

---Start of Email---

From: xxxxxxxx < > (1)
Sent: Monday, October 22, 2018 5:57 AM
To: XXXXX
Subject: Follow up

Are you available ?

--
Best Regards,

Xxxxxx
xxxxxxxxxx@gmail.com 
(1)

The following email is sent if you reply to the first one.

From: xxxxxxxx <xxxxxxx@gmail.com> (1)
Sent: Monday, October 22, 2018 5:57 AM
To: XXXXXXX
Subject: Re[2]: Follow up 

Hi XXX. I'm in a meeting right now and that's why I'm contacting you through here. I should have call you, but phone is not allowed to be use (2) during the meeting. I don't know when the meeting will be rounding up, And I want you to help me out on something very important right away.

I need you to help me get an iTunes gifts card from the store, I will pay  back when i get to the office.

I need to send it to someone and it is very important cause i'm still in a meeting and I need to get it sent Asap. (3)

It's one of my best friend son birthday

The amount i want is $100 each in three (3) piece so that will make it a total of $300 l'll be paying back to you. I need physical cards which you are going to get from the store. When you get them,just scratch it and take a picture of them and attach it to the email then send it to me here ok. (4)
I'll be waiting for a reply.
Thanks

--
Best Regards,

xxxxxx
xxxxxxxxxx@gmail.com 
(1)

---End of Email---

  1. The email address is not a valid CSUN email address. Be suspicious of any email address that does not use @csun.edu or @my.csun.edu.
  2. Be suspicious of emails with poor grammar.
  3. Phishing emails will always try to create a sense of urgency.
  4. Phishing emails will go outside of the normal procurement process because they know procurement means additional approvals.
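
Notes 1, 3 and 4 above can be turned into a simple automated triage check. The following is an added example, not part of the original page or any CSUN tooling; the phrase lists and the sample message are constructed assumptions modelled on the email above.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Domains named in note 1; compared exactly, never as a substring.
CAMPUS_DOMAINS = {"csun.edu", "my.csun.edu"}
# Phrase lists are illustrative assumptions drawn from the sample emails.
URGENCY = re.compile(r"\b(asap|right away|immediately|within \d+ hours)\b", re.I)
PAYMENT = re.compile(r"\b(gift\s*cards?|itunes|bitcoins?)\b", re.I)

def red_flags(raw_message):
    """Return (code, detail) pairs for the red flags found in one message."""
    msg = message_from_string(raw_message, policy=policy.default)
    flags = []

    # Note 1: sender address outside the campus domains.
    _, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    if domain not in CAMPUS_DOMAINS:
        flags.append(("external-sender", domain or "(no address)"))

    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""

    # Note 3: manufactured urgency.
    hit = URGENCY.search(body)
    if hit:
        flags.append(("urgency", hit.group(0)))

    # Note 4: payment requested outside the procurement process.
    hit = PAYMENT.search(body)
    if hit:
        flags.append(("payment-outside-procurement", hit.group(0)))
    return flags

# Constructed sample modelled on the gift card email above (not a real message).
SAMPLE = """\
From: Department Chair <chair.office@gmail.com>
To: employee@csun.edu
Subject: Follow up

I'm in a meeting right now and need your help right away.
Get three iTunes gift cards from the store and send me pictures Asap.
"""

if __name__ == "__main__":
    for code, detail in red_flags(SAMPLE):
        print(f"{code}: {detail}")
```

The From header can be forged, so a message that raises no flags here is not thereby proven legitimate.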

Follow up

---Start of Email---

Reported: October 22, 2018
Email:
From: removed <> (1)
Sent: Monday, October 22, 2018 5:57 AM
To: Removed 
Subject: Re[2]: Follow up

Hi XXX. I'm in a meeting right now and that's why I'm contacting you through here. I should have call you, but phone is not allowed to be use  (2) during the meeting. I don't know when the meeting will be rounding up, And I want you to help me out on something very important right away.

I need you to help me get an iTunes gifts card from the store, I will reimburse you back when i get to the office.

I need to send it to someone and it is very important cause i'm still in a meeting and I need to get it sent Asap. (3)

It's one of my best friend son birthday

The amount i want is $100 each in three (3) piece so that will make it a total of $300 l'll be reimbursing back to you. I need physical cards which you are going to get from the store. When you get them,just scratch it and take a picture of them and attach it to the email then send it to me here ok. (4)
I'll be waiting for a reply.
Thanks

--
Best Regards,

xxxxxxxxxxxxxx

---End of Email---
 

1.  The email address being used is not a valid CSUN email address. Be suspicious of any email address that does not use csun.edu or my.csun.edu.
2.  Be suspicious of emails with poor grammar.
3.  Phishing emails will always try to create a sense of urgency that doesn't actually exist. If an issue is truly urgent, there would have been multiple emails leading up to this rather than a single email.
4. Phishing emails will go outside of the normal procurement process because they know procurement means additional approvals.


re:<email of victim>

---Start of email---

Reported: July 30, 2018
Email:
From: Removed <>
Sent: Monday, July 30, 2018 1:59 PM
To: (Removed)
Subject: re: <email of victim>

I'm going to cut to the chase. I know is your pass word.(1) Moreover, I am aware about your secret and I've proof of it.(2) You don't know me and nobody employed me to look into you.

It's just your bad luck that I came across your misdemeanor.(3) In fact, I setup a malware(2) on the adult video clips (sex sites) and you visited this web site to experience fun (you know what I mean). When you were busy watching video clips, your browser started out working as a Rdp (Remote control desktop) having a key logger which gave me accessibility to your display screen as well as web cam. After that, my software obtained all your contacts from messenger, fb, as well as e-mail.  (4)

After that I gave in much more time than I should've digging into your life and generated a double-screen video. 1st part shows the recording you were viewing and 2nd part shows the video from your cam (its you doing dirty things).

Honestly, I want to forget all about you and let you get on with your regular life. And I am about to give you two options that may accomplish that. The two options are to either ignore this letter, or just pay me $ 7050. Let’s explore those 2 options in more details.

Option One is to ignore this email message. You should know what will happen if you select this option. I will certainly send out your video to all your contacts including close relatives, co-workers, etc. It doesn't save you from the humiliation your family will face when friends and family find out your unpleasant videos from me.

Option 2 is to make the payment of $ 7050. We’ll name it my “privacy tip”. I will explain what happens if you pick this choice. Your secret will remain your secret. I'll destroy the recording immediately. You go on with your life as if nothing ever happened.

At this point you must be thinking, “I will go to the cops”. Without a doubt, I have covered my steps in order that this mail can't be traced to me also it will not prevent the evidence from destroying your life. I am not planning to dig a hole in your pocket. I am just looking to get compensated for efforts and time I put in investigating you. Let's assume you have decided to create pretty much everything vanish entirely and pay me my confidentiality fee. You'll make the payment via Bitcoins (if you do not know this, search "how to buy bitcoins" in google) (5)

Required Amount: $ 7050
Bitcoin Address to Send: 14*NwLUBaH4Tb6K7xn8Jo5qxDeXR3a2E8AS (You need to Remove * from it and note it carefully)

Share with no-one what will you be using the bitcoin for or they possibly will not sell it to you. The method to get bitcoins will take a day or two so do not procrastinate.
I have a special pixel within this message, and now I know that you've read this email. You have 48 hours to make the payment. If I do not receive the BitCoins, I will certainly send out your video recording to your contacts including members of your family, coworkers, and so forth. You better come up with an excuse for friends and family before they find out. Nevertheless, if I do get paid, I will destroy the video immediately. It is a non negotiable offer, so don't waste my time and yours. Your time has started. Let me remind you, my tracker will definitely be sharing what action you adopt when you find yourself done reading this letter. Frankly, If you try to act smart then I will send your video to your family members, colleagues even before time ends.(6)

---End of Email---

  1. While it is true that foreign entities could potentially compromise your data, there is more money to be made from keeping hidden and selling compromised data, rather than asking for a lump sum like this. 
  2. Whoever is phishing is attempting to create a sense of urgency by alluding to a vague secret derived from vague sites and methods. This is to scare you into paying money as soon as possible without thinking about the consequences.
  3. This email contains numerous grammatical errors, and is worded very awkwardly. 
  4. While the attempted phisher does cite some very specific vulnerabilities, note that a key-logger doesn't provide access to a display screen; it simply logs your keystrokes. An attacker with this kind of malware could make way more money selling your passwords or waiting for you to input credit card information, so it stands to reason that a hacker would actually keep quiet about this to make more money.
  5. Be especially wary of emails that tell you not to go to the cops. You have no guarantee that alleged hackers will delete any of this evidence, and thus it would be best to go to an authority for forensic or identity fraud prevention purposes.
  6. Again, the email is attempting to get you to pay before action can be taken. This tactic is simply to get you to pay money before talking to someone, as you will feel there is not enough time for you to do anything else.

Evidence of Payment

---Start of Email---

Reported: May 11, 2018
Email:
Date: Friday, May 11, 2018
Subject: Evidence of Payment (1)

Hi there, (2)

Your payment has been processed since Friday of last week. 
For any complains and dispute on the future payments, please let me know on time. (3)
Please download and keep for your record (5) (6)
Kindly let me know if you are unable to download your statement. (4)

View File Link (disabled) (7)

Happy Dropboxing!

---End of Email---

  1. Notice how vague and unprofessional the ‘subject’ and ‘from’ sections are; authentic communications would be more specific as to why they are contacting you, especially given that this is from Dropbox. 
  2. Notice the greeting, ‘Hi there’. Most professional emails will address you formally. 
  3. This email contains grammatical errors. 
  4. Additionally, there is no mention as to what the payment was specifically for. The email also uses first person (let ‘me’ know).
  5. The third sentence has no period. Most professional ‘canned’ responses are spell checked and grammar checked first. 
  6. Very rarely will alert emails ask you to download something. The majority of the time, it will ask you to go to the actual site to fix whatever needs to be changed.
  7. This email included a link. Hover your cursor over links to verify their destination. If a link looks suspicious, do not click on it. 

Don't Let Your Account Be Deleted

---Start of Email---

Reported: May 10, 2018
Email:
Date: Thursday, May 10 2018
Subject: Don't let your account be deleted (1)
 

Your password was entered incorrectly more than three times. (2)

Your account is currently frozen. You still have 24 hours until your %E-mail_address account will be deleted. 
You can prevent this by unfreezing your account. 

Please click here to unfreeze your account. (disabled). (3)

This is an automated message. 

Please do not reply to this email. 

Regards, 
Office365 Team (4)

---End of Email---

  1. The subject header of this email is vague. It is also unprofessional and unlikely to be the subject header for an official CSUN email.
  2. If the punishment for a certain action (inputting an incorrect password) seems excessive, it’s most likely just an email attempting to scare you into doing something.
  3. Be wary of links if you don’t know where they lead. 
  4. No contact information is provided. This is very suspicious. 

Important Notice

---Start of Email---

Reported: March 22, 2018
Email:
Date: Thursday, March 22, 2018 6:17 AM
Subject: Important Notice. (1)

This is a final notification to all Students, Staffs of  California State University, Northridge that we are validating active accounts.Failure to do this within 24 hours, your account will be disabled (2) (3)

Validate Email Account (URL has been removed) (3)

Sincerely

IT Help Desk
Office of Information Technology
California State University, Northridge (5)

---End of Email---

This one is potentially more dangerous considering how specific it is.

  1. The first red flag is the vague subject header. 
  2. The second easily noticeable red flag is the idea that this is the “final” notification. If this email were legitimate, you would have already received previous communications before this "final" notification. 
  3. This email includes some grammatical errors and misspellings. 
  4. At CSUN, we do not ask users to validate accounts. The wording used here is not in line with common terminology used on campus. 
  5. Official CSUN emails include a contact number or some other way of gathering information about any official procedure. Someone attempting to phish information out of you will often leave the contact information out. 

Important Document! Undisclosed Upcoming Schedule & Events

---Start of Email---

Reported: March 19, 2018
Email:
Date: March 19, 2018 at 8:21:01 PM PDT
Subject: Important Document! Undisclosed Upcoming Schedule & Events (1)

Hi, (2)

Sign-in using your email to view document. (3)

XXX invited you to view this "Document" on Dropbox.

View Document (disabled) (4)

Enjoy! 

The Dropbox team

---End of Email---

  1. This subject heading is extremely vague. Dropbox doesn’t necessarily know if the document being sent to you is important or not, unless the person sending it to you specifies that it is.
  2. The greeting is unprofessional. Considering that this is an important document, an informal greeting is a red flag.
  3. If it WAS important, the individual messaging you would probably state the reason for the email upfront.  
  4. The link that they’re giving you is hidden, which is not necessarily malicious, but is something to be aware of. If you hover your cursor over the link, it will reveal where it will direct you. If it is not an official site, do not click on it. 

Update Notice

---Start of Email---

Reported: February 16, 2018
Email:
Date: Friday, February 16, 2018, 6:41 PM
Subject: Update Notice (1)

ATTENTION!

We recently update our Mail Server security for your protection. All students & staffs are required to update their mail box to enjoy the new security features. Failure to update within 72 hours will result to mail blocked. (2)

Update My E-mail (link has been removed) (3)

Sincerely,

CSUN Mail Security Team (4)

---End of Email---

  1. The subject header does not say anything about the reason for the email. This should raise a red flag. 
  2. There are numerous spelling and grammatical errors throughout the email. 
  3. A link was included. Notice that there are no instructions for you to follow that would allow you to bypass using the link. Additionally, you can hover over the link with your cursor to see if it’s a legitimate URL.
  4. Notice that there is no contact information included in this email. 

 


You Received a PDF File

---Start of Email---

Reported: February 5, 2018
Email:
Date: February 5, 2018 at 9:34:45 AM PST
Subject: You received a PDF File (1)

DocuSign

                    You received a PDF File via DocuSign

Your PDF File is ready for review and needs your signature. Signing will not be completed until you have reviewed the agreement and confirm your signature. Please view your document by clicking on REVIEW below.

                                     REVIEW (link removed) (2)

---End of Email---

Powered By Google.

  1. When files are emailed to you, the service used to send the email will specify who it came from. The fact that this information is not included is suspicious. 
  2. As with all emails, please use the actual DocuSign application. Hidden links are potentially and frequently malicious.