Information Technology Services

Phishing: Catch of the Day

As part of our phishing awareness campaign, Catch of the Day features recent phishing attempts directed at the college and reported by the campus community.  Messages are listed by the date received with personal information removed and red flags highlighted.

Received Monday September 13, 2021

This phish attempts to lure the user into clicking the embedded link and opening a web page by claiming to be a Fax. The web page may try to get you to give away your credentials or have you download a file that will install a computer virus on your computer.

The red flags in this phishing email are:

  1. The jumbled mess in the From: line.  It’s difficult to tell that the sender is “647867454564786745456478674545@tropicalcomfortservices.com” and that’s a red flag if you can find it.
  2. They sent a “NEW PAPERLESS MESSAGE”.  That’s very kind of them.  Email and eFax are paperless, you don’t have to announce it.
  3. The “[External]” tag in the subject line warns this message was not sent from an Alma College system.
  4. It came from the 647 area code, Toronto, Ontario.  It’s not out of the question that you may receive a fax from someone in Toronto, but many people don’t know anyone there.
  5. They couldn’t get the date and day correct.
  6. Pages received is one and it has a duration of 24 seconds.  They got their phishing emails mixed up and got confused between a fax and a voice mail.
  7. The embedded link doesn’t go to the eFax website (efax.com).

Here is an example of a phising email with markings as to what is suspicious. The reasons are lis...


Received Monday July 19, 2021

This phish attempts to lure the user into giving away their credentials by claiming your messages aren’t being delivered as the result of out-of-date address information.

The red flags in this phishing email are:

  1. The email claims to be from “quarantine@messaging-micorsoft.com”.  The sender’s email address isn’t a trusted alma.edu or a Microsoft address and Microsoft is spelled “Micorsoft”.
  2. The “[External]” tag in the subject line warns that this message was not sent from an Alma College system.
  3. The “Caution” header in the message body warns that this message was not sent from an Alma College system.
  4. Hovering your pointer over your email address link, the “Sign In” link or the “Send feedback” shows that it leads to a non-trusted alma.edu/Microsoft website.

Here is an example of a phising email with markings as to what is suspicious. The reasons are lis...


Received Monday July 19, 2021

This phish has a bit of an identity crisis.  The sender can’t decide if they’re from Alma or Microsoft.

This phish attempts to lure the user into opening an HTML (web page) file. This file may contain malware to infect your computer or present a login page to capture your credentials.

Here is another example of a scammer claiming the email is on the “safe senders list”, when in fact, this is meant to falsely reassure you that the message is safe.

The red flags in this phishing email are:

  1. The email claims to be from “Alma” but the sender’s email address isn’t a trusted alma.edu address.
  2. The “[External]” tag in the subject line warns this message was not sent from an Alma College system.
  3. The HTML file attachment.
  4. The “Caution” header in the message body warns that this message was not sent from an Alma College system.
  5. “Safe Sender” headers are not inserted in emails. This is intended to give you a false sense of security.
  6. The sender sent the file via “Microsoft Shared File”.  “Microsoft Shared File” doesn’t exist, it’s not a thing.  Just bad grammar.
  7. Microsoft doesn’t send emails and just sign them “Microsoft”.

Here is an example of a phising email with markings as to what is suspicious. The reasons are lis...


Received Wednesday July 14, 2021

This phish pretends to be from an Alma College VP/manager/supervisor and attempts to lure the user into replying to the email.  After you reply, you are asked to buy a gift card, like a Google Play or iTunes card, and give them the numbers on the back of the card. If they ask you to do this, they’re trying to scam you.

On a related note: while not a phishing email, if someone calls you and demands you pay them with gift cards, you can bet a scammer is behind that call. Once they have the gift card number and the PIN, they have your money. No real business or government agency will ever insist you pay them with a gift card. 

The red flags in this phishing email are:

  1. The email claims to be from an Alma College VP/manager/supervisor, but the sender’s email address doesn’t match the name and is not a trusted alma.edu email address.
  2. The “[External]” tag in the subject line warns this message was not sent from an Alma College system.
  3. The “Caution” header in the message body warns that this message was not sent from an Alma College system.
  4. The email asks simply “are you available” and signs the name of the VP/manager/supervisor.

Here is an example of a phising email with markings as to what is suspicious. The reasons are lis...


Received Thursday July 8, 2021

This phish attempts to lure the user into opening an HTML (web page) file.  This file may contain malware to infect your computer or present a login page to capture your credentials.

The red flags in this phishing email are:

  1. The email claims to be from “Alma IT-HelpDesk” but the sender’s email address isn’t a trusted alma.edu address.
  2. The “[External]” tag in the subject line warns this message was not sent from an Alma College system.
  3. The HTML file attachment.
  4. The “Caution” header in the message body warns that this message was not sent from an Alma College system.
  5. SharePoint files are not typically shared as attachments.  Normally they are shared as file links.
  6. “IT HelpDesk@alma” is not a valid email address.

Here is an example of a phising email with markings as to what is suspicious. The reasons are lis...


Received Wednesday July 7, 2021

This phish attempts to lure the user into opening an attachment that claims to be a voice mail from the IRS.  This file may contain malware to infect your computer.

Phishing messages claiming to be from the IRS or some other government agency often try to create a sense of insecurity, trying to catch you off-guard.

The red flags in this phishing email are:

  1. The email is from someone called “—VN**Portal” and the sender’s email address isn’t a trusted alma.edu address.
  2. The “[External]” tag in the subject line warns that this message was not sent from an Alma College system.
  3. The attachment is an Outlook item, meaning it would open another email.
  4. The “Caution” header in the message body warns that this message was not sent from an Alma College system.

Here is an example of a phising email with markings as to what is suspicious. The reasons are lis...


Received Friday July 2, 2021

This “password expires” phish attempts to lure the user into giving away their credentials by claiming your password expires in 24 hours.

The red flags in this phishing email are:

  1. The email claims to be from “IT Support alma.edu” but the sender’s email address isn’t a trusted alma.edu address.
  2. The “[External]” tag in the subject line warns that this message was not sent from an Alma College system.
  3. The “Caution” header in the message body warns that this message was not sent from an Alma College system.
  4. Hovering your pointer over the “keep my current password” link shows that it leads to a non-trusted alma.edu website

Here is an example of a phising email with markings as to what is suspicious. The reasons are lis...


Received Monday June 28, 2021

This phish attempts to lure the user into opening an HTML (web page) file. This file may contain malware to infect your computer or present a login page to capture your credentials.

This phish is especially interesting because they try to get you to let down your guard by stating “This sender has been verified from the safe senders list.Alma.edu”.  Email addresses on the safe senders list are not announced as “safe”.

The red flags in this phishing email are:

  1. The email claims to be from “Alma DESK-TEAM” but the sender’s email address isn’t a trusted alma.edu address.
  2. The “[External]” tag in the subject line warns this message was not sent from an Alma College system.
  3. The HTML file attachment.
  4. The “Caution” header in the message body warns that this message was not sent from an Alma College system.
  5. “Safe Sender” headers are not inserted in emails.  This is intended to give you a false sense of security.

Here is an example of a phising email with markings as to what is suspicious. The reasons are lis...