Phishing: Catch of the Day

Received Monday September 13, 2021

This phish attempts to lure the user into clicking the embedded link and opening a web page by claiming to be a Fax. The web page may try to get you to give away your credentials or have you download a file that will install a computer virus on your computer.

The red flags in this phishing email are:

1. The sender is “647867454564786745456478674545@tropicalcomfortservices.com”.  This isn’t a trusted alma.edu email address.
2. The “[External]” tag in the subject line warns this message was not sent from an Alma College system.
3. The “Caution” header in the message body warns that this message was not sent from an Alma College system.
4. It came from the 647 area code, Toronto, Ontario.  It’s not out of the question that you may receive a fax from someone in Toronto, but many people don’t know anyone there.
5. The the date and day are incorrect.
6. Pages received is one and it has a duration of 24 seconds.  They got their phishing emails mixed up and got confused between a fax and a voice mail.
7. Hovering your pointer over the “REVIEW ONLINE” shows the embedded link doesn’t go to the eFax website (efax.com).

---

Received Monday July 19, 2021

This phish attempts to lure the user into giving away their credentials by claiming your messages aren’t being delivered as the result of out-of-date address information.

The red flags in this phishing email are:

1. The email claims to be from “quarantine@messaging-micorsoft.com”.  The sender’s email address isn’t a trusted alma.edu or a Microsoft address and Microsoft is misspelled “Micorsoft”.
2. The “[External]” tag in the subject line warns that this message was not sent from an Alma College system.
3. The “Caution” header in the message body warns that this message was not sent from an Alma College system.
4. Hovering your pointer over your email address link, the “Sign In” link or the “Send feedback” shows that it leads to a non-trusted alma.edu/Microsoft website.

---

Received Monday July 19, 2021

This phish has a bit of an identity crisis.  The sender can’t decide if they’re from Alma or Microsoft.

This phish attempts to lure the user into opening an HTML (web page) file. This file may contain malware to infect your computer or present a login page to capture your credentials.

Here is another example of a scammer claiming the email is on the “safe senders list”, when in fact, this is meant to falsely reassure you that the message is safe.

The red flags in this phishing email are:

1. The email claims to be from “Alma” but the sender’s email address isn’t a trusted alma.edu address.
2. The “[External]” tag in the subject line warns this message was not sent from an Alma College system.
3. The HTML file attachment.
4. The “Caution” header in the message body warns that this message was not sent from an Alma College system.
5. A sentence indicating this is from the “safe senders list”. This is intended to give you a false sense of security.
6. The sender sent the file via “Microsoft Shared File”.  “Microsoft Shared File” is not a system.
7. Microsoft doesn’t send emails and signed “Microsoft”.

---

Received Wednesday July 14, 2021

This phish pretends to be from an Alma College VP/manager/supervisor and attempts to lure the user into replying to the email.  After you reply, you are asked to buy a gift card, like a Google Play or iTunes card, and give them the numbers on the back of the card. If they ask you to do this, they’re trying to scam you.

On a related note: while not a phishing email, if someone calls you and demands you pay them with gift cards, you can bet a scammer is behind that call. Once they have the gift card number and the PIN, they have your money. No real business or government agency will ever insist you pay them with a gift card. 

The red flags in this phishing email are:

1. The email claims to be from an Alma College VP/manager/supervisor, but the sender’s email address doesn’t match the name and is not a trusted alma.edu email address.
2. The “[External]” tag in the subject line warns this message was not sent from an Alma College system.
3. The “Caution” header in the message body warns that this message was not sent from an Alma College system.
4. The email asks simply “are you available” and signs the name of the VP/manager/supervisor.

---

Received Thursday July 8, 2021

This phish attempts to lure the user into opening an HTML (web page) file.  This file may contain malware to infect your computer or present a login page to capture your credentials.

The red flags in this phishing email are:

1. The email claims to be from “Alma IT-HelpDesk” but the sender’s email address isn’t a trusted alma.edu address.
2. The “[External]” tag in the subject line warns this message was not sent from an Alma College system.
3. The HTML file attachment.
4. The “Caution” header in the message body warns that this message was not sent from an Alma College system.
5. SharePoint files are not typically shared as attachments.  Normally they are shared as file links.
6. “IT HelpDesk@alma” is not a valid email address.

---

Received Wednesday July 7, 2021

This phish attempts to lure the user into opening an attachment that claims to be a voice mail from the IRS.  This file may contain malware to infect your computer.

The red flags in this phishing email are:

1. The email is from someone called “—VN**Portal” and the sender’s email address isn’t a trusted alma.edu address.
2. The “[External]” tag in the subject line warns that this message was not sent from an Alma College system.
3. The attachment is an Outlook item, meaning it would open another email.
4. The “Caution” header in the message body warns that this message was not sent from an Alma College system.

---

Received Friday July 2, 2021

This “password expires” phish attempts to lure the user into giving away their credentials by claiming your password expires in 24 hours.

The red flags in this phishing email are:

1. The email claims to be from “IT Support alma.edu” but the sender’s email address isn’t a trusted alma.edu address.
2. The “[External]” tag in the subject line warns that this message was not sent from an Alma College system.
3. The “Caution” header in the message body warns that this message was not sent from an Alma College system.
4. Hovering your pointer over the “keep my current password” link shows that it leads to a non-trusted alma.edu website

---

Received Monday June 28, 2021

This phish attempts to lure the user into opening an HTML (web page) file. This file may contain malware to infect your computer or present a login page to capture your credentials.

This phish is especially interesting because they try to get you to let down your guard by stating “This sender has been verified from the safe senders list.Alma.edu”.  Email addresses on the safe senders list are not announced as “safe”.

The red flags in this phishing email are:

1. The email claims to be from “Alma DESK-TEAM” but the sender’s email address isn’t a trusted alma.edu address.
2. The “[External]” tag in the subject line warns this message was not sent from an Alma College system.
3. The HTML file attachment.
4. The “Caution” header in the message body warns that this message was not sent from an Alma College system.
5. “Safe Sender” headers are not inserted in emails.  This is intended to give you a false sense of security.

---