ITS

Information Technology Services
Information Technology Services

Phishing Samples

Phishing SamplesThe best way to avoid being a victim of a phishing attack is to know what to look for. 
Here are just a few examples of phishing emails seen in circulation at Queen's.

This is not meant to be a definitive list, so don't assume a suspicious-looking email
is safe if you don't see it here.

If you're not sure of a message's authenticity, you can contact the IT Support Centre
by calling 613-533-6666 during regular business hours, or fill out the online help form.


 

April 18, 2017

  1. The email has been sent from a non Queen's email address.
    • This indicates that the sender's account has most likely been compromised.
  2. The email has been sent and copied to a non-Queen's email account.
    • If the alternate email address was being sent to, the Queen's account would also be sent to
  3. The wrong terminology is used.
    • If this were a valid email, the correct terminology would be used (i.e. NetID).
  4. Hover over the link included in the message to reveal where the link is going to
    • The link leads to a http not a https: site.Queen's would only use an https: URL.
    • The link does not direct to a Queen's page.
  5. The wrong terminology is used again.
    • ITS signs correspondence with the correct name.

  


April 13, 2017

  1. Hover over the senders name to see their identity
  2. We will not include a hidden link for you to click
    • if a link is included hover over the link to see where it is really going
    • IP address are DHCP not static.  There is no database of individual's IP address
  3. Passwords are not changed through Office 365
  4. Signature is incorrect and badly formed.

sample of phishing attempt


March 28, 2017

  1. The From: address is a Queen's email address.
    • This indicates that the sender is within the Queen's network and has had their account compromised and "spoofed."
  2. The hyperlink in the message does not lead to a legitimate Queen's webpage.
  3. This is the threat. Following the link WILL compromise your account.
  4. There is no such position within ITS and this is not how ITS will sign official email correspondence.

sample of phishing attempt


March 27, 2017

  1. The From: address is not a Queen's email address (the sender is from outside the university).
    • The sender has probably had his account "spoofed" or his credentials have been stolen by the phisher. 
  2. The link in the message appears valid, but when you hover over the link, the address does not match the text.
    • This is indicative of a bogus or malicious destination page. 
  3. The note does not contain any useful information and grammar and spelling are inaccurate. 
  4. This is the threat: following the link WILL compromise your account. 

Note:  if Queen's was to introduce two-factor authentication, it would be widely publicized through the channels that ITS already uses to bring awareness to new services. You would be able to verify via the ITS website.

screenshot illustrating phishing attempt


March 16, 2017

  1. A threat that if you do not update your information that your account will be limited.
  2. a "tiny URL" that hides its true path
    • would take you to a login page that has been designed to look like Apple's login page.
    • your credentials would be captured, and then you would be punted to the real site to login.  You would probably not realize your account was compromised.

Note:  Always navigate directly to a site; don't follow a link within an email unless you are expecting the link and trust it.


March 16, 2017

  1. Hover over the senders name to reveal more about them
    • This email came from within Queen's, probably from a compromised account.
  2. The email was personalized. When access is available through a compromised account there are different ways that hackers can gain access to the email addresses of staff. 
  3. Urges you to use the attached PDF to stop or cancel the order
    • Never follow a link to a site
    • In this case, go directly to Amazon and log into your account to verify your order history.


March 15, 2017

This phishing attempt takes you to a page requesting you to log in with your Queen's NetID and password.  If you do, then your account is compromised.  If you received this message and followed the link please contact the IT Support Centre immediately.

  1. This phishing attempt came from an individual on campus who's account has been "spoofed".  Hovers over the senders name to see their full name, department, etc.
  2. The email was personalized.  There are different ways that hackers can gain access to the email addresses of staff. 
  3. Choosing to tell you that a high ranked official for the University has sent a message is a good lure.  When you hover over the link you see it goes to a blog site.  An unsuspecting person could be tempted to follow the link.
    • following this link would take you to a login page that requests your NetID and password.  Once provided you would have access to the message,
    • unfortunately you have given up your NetID and password to read the message. 
    • Your account has been compromised.  Change your password immediately and contact the IT Support Centre.
  4. The note that the message will expire soon leads an urgency to the email. 


March 14, 2017

  1. From a non Queen's address
  2. The From:, To: and Date: field would be part of the email
  3. Just because someone tells you it is 100% authentic doesn't mean it is!
  4. ITS would not ask you to "validate" your email account; we would not shut down your account permanently; and we wouldn't give you 8 hours to comply.  If you are not sure what ITS would do - contact the IT Support Centre.
  5. Any important emails are signed.  You would be able to verify where they came from.


February 6, 2017

  1. Not from a Queen's email address
  2. Wrong name in banner
  3. Queen's does not use case ID numbers
  4. The server name is incorrect
  5. Hover over the Here link and you see it is not from Queen's
  6. The threat is implied that you will lose email or your calendar will not work.

screen shot of phishing attempt

 


January 27, 2017

It is very easy to be fooled by this phishing sample. Whenever in doubt, contact the ITSC to verify if an email is valid or not. We have highlighted the parts of the email that caught our attentions. 

  1. The picture leads us to believe the email is from a valid person.  Unfortunately this time it is from a compromised account.  Even though the email address is from Queen's doesn't make it valid.
  2. When you hover over the to address you see the real address.  In this case the From and the To has the same email address
  3. The message contains an urgency to update your account. 
  4. The URL that is provided in the email is not the real URL.  Hover over the URL and you will see where it is really going. 
  5. The signature block contains very generic information. not a real name or position or department.

screenshot illustrating phishing sample


January 23, 2017

  • The From address is not a valid Queen's account
  • the Threat is there that your account will be deleted
  • the link to follow is not a vaild Queen's link

screen shot of phishing attempt

 

November 24, 2016

  • Clicking the link would have taken you to another webpage, with the Queen's banner, requesting you to log in
  • Email was directed to individuals, not a general all staff
  • Office of the President, is not a correct term

sample of phishing attempt

 


November 11, 2016

  • Hovering on the Click link shows it is not going to a Queen's site
  • The from address is not from Queen's.  The senders email address has been "spoofed"

screenshot of phishing sample


May 18, 2016


May 16, 2016


May 16, 2016

screenshot illustrating what to look for in a phising attempt

 


March 10, 2016

sample of phishing email

 


March 3, 2016

Sample of Phishing email


February 29, 2016

sample of Phishing email


February 16, 2016

sample of phishing email

 


Click to see Email Headers


Received: from CY1PR0701MB2041.namprd07.prod.outlook.com (10.163.142.140) by
SN1PR0701MB2048.namprd07.prod.outlook.com (10.163.132.19) with Microsoft SMTP
Server (TLS) id 15.1.403.16 via Mailbox Transport; Thu, 11 Feb 2016 15:50:59
+0000
Received: from BN1PR07CA0051.namprd07.prod.outlook.com (10.255.193.26) by
CY1PR0701MB2041.namprd07.prod.outlook.com (10.163.142.140) with Microsoft
SMTP Server (TLS) id 15.1.403.16; Thu, 11 Feb 2016 15:50:57 +0000

Received: from BL2FFO11FD041.protection.gbl (2a01:111:f400:7c09::125) by
BN1PR07CA0051.outlook.office365.com (2a01:111:e400:45::26) with Microsoft
SMTP Server (TLS) id 15.1.409.15 via Frontend Transport; Thu, 11 Feb 2016
15:50:57 +0000
Authentication-Results: spf=none (sender IP is 130.15.12.27)
smtp.mailfrom=kellogg.northwestern.eduqueensuca.mail.onmicrosoft.com;
dkim=none (message not signed) header.d=none;queensuca.mail.onmicrosoft.com;
dmarc=none action=none header.from=kellogg.northwestern.edu;
Received-SPF: None (protection.outlook.comkellogg.northwestern.edu does not
designate permitted sender hosts)
Received: from qwa.queensu.ca (130.15.12.27) by
BL2FFO11FD041.mail.protection.outlook.com (10.173.161.137) with Microsoft
SMTP Server (TLS) id 15.1.415.6 via Frontend Transport; Thu, 11 Feb 2016
15:50:56 +0000
Received: from bc600c.its.queensu.ca (130.15.122.173) by
MP-DUP-HTS-02.AD.QUEENSU.CA (10.4.8.27) with Microsoft SMTP Server (TLS) id
4.3.266.1; Thu, 11 Feb 2016 10:50:39 -0500

 

X-ASG-Debug-ID: 1455205823-0604d13bb6d65c60001-3v6j7V Received: from kellogg.northwestern.edu (ksmh15.kellogg.northwestern.edu [129.105.97.249]) by bc600c.its.queensu.ca with ESMTP id ptprb84opranCKf8 (version=TLSv1 cipher=AES128-SHA bits=128 verify=NO); Thu, 11 Feb 2016 10:50:23 -0500 (EST) X-Barracuda-Envelope-From: mfleming2016@kellogg.northwestern.edu X-Barracuda-Apparent-Source-IP: 129.105.97.249 Received: from KSMH22.kellogg.local ([169.254.3.77]) by KSMH15.kellogg.local ([129.105.97.249]) with mapi id 14.03.0158.001; Thu, 11 Feb 2016 09:50:22 -0600 From: Mark Fleming <mfleming2016@kellogg.northwestern.edu>

 

To: Mark Fleming <mfleming2016@kellogg.northwestern.edu>

 

Subject: RE: Admin Notification Thread-Topic: Admin Notification X-ASG-Orig-Subj: RE: Admin Notification Thread-Index: AdFk2VE5gq98eD8NQGeBf0rxKzPA7QACngGk Date: Thu, 11 Feb 2016 15:50:22 +0000 Message-ID: <6E23C1EAD5C5D64799B2F060F474947301AE1213@KSMH22.kellogg.local> References: <6E23C1EAD5C5D64799B2F060F474947301ADA74D@KSMH22.kellogg.local> In-Reply-To: <6E23C1EAD5C5D64799B2F060F474947301ADA74D@KSMH22.kellogg.local> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [129.105.97.245] Content-Type: multipart/alternative;                 boundary="_000_6E23C1EAD5C5D64799B2F060F474947301AE1213KSMH22kellogglo_" MIME-Version: 1.0 X-Barracuda-Connect: ksmh15.kellogg.northwestern.edu[129.105.97.249] X-Barracuda-Start-Time: 1455205823 X-Barracuda-Encrypted: AES128-SHA X-Barracuda-URL: https://130.15.122.173:443/cgi-mod/mark.cgi X-Virus-Scanned: by bsmtpd at queensu.ca X-Barracuda-BRTS-Status: 1 X-Barracuda-Bayes: INNOCENT GLOBAL 0.3457 1.0000 -0.1682 X-Barracuda-Spam-Score: -0.17 X-Barracuda-Spam-Status: No, SCORE=-0.17 using global scores of TAG_LEVEL=3.5 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=7.0 tests=BSF_SC0_MISMATCH_TO, HTML_MESSAGE X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.3.26946                 Rule breakdown below                 pts rule name              description                 ---- ---------------------- --------------------------------------------------                 0.00 BSF_SC0_MISMATCH_TO    Envelope rcpt doesn't match header                 0.00 HTML_MESSAGE           BODY: HTML included in message Return-Path: mfleming2016@kellogg.northwestern.edu Received-SPF: None (MP-DUP-HTS-02.AD.QUEENSU.CA: mfleming2016@kellogg.northwestern.edu does not designate permitted sender hosts) X-OrganizationHeadersPreserved: MP-DUP-HTS-02.AD.QUEENSU.CA X-MS-Exchange-Organization-Network-Message-Id: 6b89e4c4-e186-4b26-69d2-08d332fb217d X-EOPAttributedMessage: 0 X-MS-Exchange-Organization-MessageDirectionality: Originating X-Forefront-Antispam-Report: CIP:130.15.12.27;CTRY:CA;IPV:NLI;EFV:NLI;SFV:NSPM;SFS:(2980300002)(428002)(3190300001)(199003)(15594002)(31594003)(66654002)(164054003)(189002)(107886002)(5003600100002)(89122001)(98436002)(16236675004)(33656002)(2920100001)(75432002)(105586002)(551544002)(512934002)(3846002)(6116002)(5008740100001)(3480700003)(221733001)(5004730100002)(19580395003)(586003)(300700001)(102836003)(55846006)(11100500001)(66066001)(566704002)(6200100001)(6806005)(88552002)(4001450100002)(101416001)(15975445007)(1220700001)(189998001)(86362001)(54356999)(76176999)(92566002)(2900100001)(575784001)(450100001)(19617315012)(87936001)(84326002)(50986999)(106466001)(2950100001)(2171001)(2910100002)(2940100001)(110136002)(5001970100001)(29420400001)(84626003)(11810500003)(316204003);DIR:INB;SFP:;SCL:1;SRVR:CY1PR0701MB2041;H:qwa.queensu.ca;FPR:;SPF:None;MLV:nov;A:1;MX:1;PTR:s27.n12.queensu.ca;LANG:en; X-MS-Exchange-Organization-PRD: kellogg.northwestern.edu X-MS-Exchange-Organization-SenderIdResult: None X-CrossPremisesHeadersPromoted: BL2FFO11FD041.protection.gbl X-CrossPremisesHeadersFiltered: BL2FFO11FD041.protection.gbl X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:CY1PR0701MB2041; X-MS-Office365-Filtering-Correlation-Id: 6b89e4c4-e186-4b26-69d2-08d332fb217d X-MS-Exchange-Organization-AVStamp-Service: 1.0 X-Exchange-Antispam-Report-Test: UriScan:; X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(601004)(2401047)(13024025)(13017025)(13015025)(13018025)(13023025)(8121501046)(3002001)(10201501046);SRVR:CY1PR0701MB2041;BCL:0;PCL:0;RULEID:;SRVR:CY1PR0701MB2041; X-MS-Exchange-Organization-SCL: 1 SpamDiagnosticOutput: 1:23 SpamDiagnosticMetadata: NSPM X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Feb 2016 15:50:56.6611 (UTC) X-MS-Exchange-CrossTenant-Id: d61ecb3b-38b1-42d5-82c4-efb2838b925c X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=d61ecb3b-38b1-42d5-82c4-efb2838b925c;Ip=[130.15.12.27];Helo=[qwa.queensu.ca] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR0701MB2041 X-MS-Exchange-Organization-AuthSource: MP-DUP-HTS-02.AD.QUEENSU.CA X-MS-Exchange-Organization-AuthAs: Anonymous X-OriginatorOrg: queensuca.onmicrosoft.com X-MS-Exchange-Transport-EndToEndLatency: 00:00:03.2932343 X-Microsoft-Exchange-Diagnostics:                 1;BL2FFO11FD041;1:UgIKUwZSd2cu+gEywKriaYMWRRSTNEyW7nua8ZyDj710Ts+6dME/j5W7ru/beLLHt4uWfPx9JSlV9T7q3j3KsRHZ8WoCyQQ4zJlBSeqizbRYzWQBbErDjv44GnH0eCg9uAVq9JI/Ic88efITg4xZsj4KbZgEIY/D+pO/ekFk/vUIoiHUqD6vEaWQoHh9PKimLZZDopNmob467X5CHVlUQDYZITXyPYm2OTDJqibKoy5/Blk0YV9s2T5t7Olc0NCZx4Gnrk5+uvDE76wmrscMgaNZ2MBu91JW01lyli1zBiIanQ66QiHNXXsu0UPqhlHAfiAGsCs4u/uBfJqSbpYsWZ8p7NapnXwT/3b71A4jaQyq9wOmmrw2NatEfQaqG/nFkxiG02nQxcZu5f3DYvg8Nb5OGW8vSZZwJYKisg98TkLBfcp6g68tRlBIK+/5PrHRXG9Nb5IkKj3l/hOwRF6UWNp2z5tYp9BSkpFnv4Wp1E5mTKO+b4nW4msD1U7WbP8i1lAxhWNJEVxLHRxJMYWWUw== X-Microsoft-Exchange-Diagnostics:                 1;CY1PR0701MB2041;2:6nq9WRxrtiHKHyvTgTQAZPmNZIhI+oA4SkIEZBEfdFrjESrI4hu3g0ScAmaBK1kQ8YNswSqVO58EyR8VXCs0vQTlyXpj9RYgQ/QaEOEpCRwZZJVxmmm0vDhQtSzwEFvOcZ2+Z3DNMVYLYwlLntPQJA==;3:HVWq+Kb5MNSgc3OCyC9GAQqRSFmrUnXjhPpmo7GrpccZ5ruaMQBcVJlCepIEdj9lXQiMsBgYTBfC1INJegwUbTb9RxCy1rJlq53fh5lSNT5PceZ8+qzyDrKAsfFYfAPWsjcRjyQAHs8FOEqCOzgpRzdN5WpjS4Rg3hwEbPtmB1kwZVHfuTh1SjqRAzn1tVS8woo5RCGewXnDsTyBFzpgbskXVYl2fA4cJaLCrV7RddE=;25:zRpFMquUHk+TWJgFANzENKV1YdeFuO0fwNKqJ6p68S6pF6d1zBLsB+jWuYkEY/JF9Iu/ZAULRjZ4QdkT+D/JE5KqHJ57bI3XljvJZv6QtjL/Gg1r9u/SuuKryMVEd8b+D36WfiZRM5He5nggTMAT6cB9BzkpZoj9SE4nKMSv2C6FTxmqvTyozwYAjXQoJbpuKiobDv1dvFmrCJfX1M/al0+T9gtrGleUUtGkZhLhY4jiN4s6CIixlGHk5YNsAD1VhLb/FxmZLUFHdTD4awXRS24h8LMJPbd23T+28HIw1DV+pkNvEy+3iYI1vbhEB+gQ X-Microsoft-Exchange-Diagnostics:                 1;CY1PR0701MB2041;20:vlD6FMDZC9hcNyIWab5+151utypoXXHo9ofNb3/gDRcuPOsf12VedTRddporiQzPIxQjGvzlcnEAHEo6G8+03On4XXlgZRw1OU0NPeWDqKqzWYGvFDYwiR2B89CTdgmU5zanASsjpaKbyIg7bwdvn+JBw2vMOrM4tn33ootyKEE/SuPyHNqVrls/nWU5Clg8bjpy+YZtuDvHPzPhmJNRQcY2NEwn4MHXTDQbhZNa7SB3PrhlpltrmDjPPanVREFBYvMWv0p41pX4jy+6NKAXRWPiI2jGHFjFCDepnDxM/p5svExbaDPnsyCeAVrvSjiXTWfGXiJ3y8CysfasaPB/f0S5NAAYbLB2MyVI+CrcPsIs5dUywzX5RikAUg1lswpBwmE6AR7yJT1j0snKwFhNI41TtRocANdSN7SPd9MUzQ19jfq1tYpcVdSjtS9rG7jHcoS6tuabnrikngSABmuJxhx42V7VEN5d+1I/qYwXbmhyQ6DR0ouzkNQ1cTXVyL6H;4:V67SXS5MT5mQlGy1lzmX2I7YZVZSrK+pQ3aTNG0T/ZgnqeFHFU29Kfzpr6kKbdVfepVviJAxzE72dAjnP3x+tRUWdE+5WpFxB2KzRAhuDz5uNxN0lVyBTZw150XD3qiUP6fIuHfhwixlFfTOvbRcC40qBHIAta8OulhJn0l3JQ+3BFqmyfegofOgwdzQouysh17KbSB2MDWSQd5JlN8NdrK2yFsYTBo7PPOiSavTMlMlu10lW7bdxbeJ6NH9RCPyha1TUa84x4pbY2hvz87pBZ3ZGFwLgUjVLNHjEvW2VdzT6JgGoRDgFsob6bhCHJOHBzBY9kXF3y41Xr3gyZ9lA/NSE1YXb5CioYSQGNzpKpXQueyny6SN37GFZuVrxRV+qwp8TJPuPmdE+Y7YzeO99TgfKs1coNRj9K9pcU5aekS1sTa6IWuP3cAgPUUEYGGo X-Microsoft-Exchange-Diagnostics:                 =?us-ascii?Q?1;CY1PR0701MB2041;23:otcMtRCcZwYffQsx124I3HojZXudPuJrcSJnf9B?= =?us-ascii?Q?NDO2icw4PrqFkWUea/4vz6IKYr+PDvp8rj1WBDUINJYrPNPYdd2Kq/arBo18?= =?us-ascii?Q?Djj8eVEifw9kykLQXzMthVZBuNCfWQRPN0pvyGwyuYTuN3fwze889rLu/51c?= =?us-ascii?Q?REUcRGRh2Xg9DvvXaERLBZ7ez7fY5mkVReQjuD+sQUuimKV+MCpCrvEQeIee?= =?us-ascii?Q?bdshMepq9DXJ/NtwirFOFrjXp7aKn9gpyNDVKYApmVR1DaERW7LHkc4UcNgK?= =?us-ascii?Q?EE0+ShQ81nvH8OVTJzT5YXLWhhwx9KqnYzg6vU17IrEZrEfig7sELWuyfEMP?= =?us-ascii?Q?xqWV9cZhDv/C4Gt78fGoHcv17644vmnnyTfXVT4l1B8P2CTc3Dx8ToS6Kebv?= =?us-ascii?Q?Mv3awGPJXZaRpXgCXBBqt0GAktsCxRSOoa60LCmm1axCGpDgoBf4gwiBPXhq?= =?us-ascii?Q?43f+sMfgUKWhHAfBbngqqZpTDsCn8YpYaoRO1B4phEn8JkEbQ5VARNE0N2Sg?= =?us-ascii?Q?eICINwT5YAgbTb/3b59WAbe4yT1QWKeu+uhxtCYOkQAjJgovEUmZzwcNSCx6?= =?us-ascii?Q?tXA2vQzaqL/0cr+Z8dEx9XojdYuRqBENfiDU4XAVJqKVS2n8PErvPWeD/U04?= =?us-ascii?Q?VftcLokRc4lD3tJ+eMa5QkrS34JCR4jIjuMe+ZzvxJtl4PGlcE9W3RidoyUF?= =?us-ascii?Q?3aAL5L4riHryGqrOK7IfJqpM3jl6PzacaxR2Pvw4EuVu/0ymd7XwxFi9oFFR?= =?us-ascii?Q?w4hLvVjVTbAzGqbrowMpIHRb2qKIBFKd18JnVrwbyAYP4lQ6+6o6v/tZdK9E?= =?us-ascii?Q?FYQ5QZwfoa8NZRit287rJ7NAoVfHwHaNu9cTe+C5MvL7U8I2pEFgXBbfmbO0?= =?us-ascii?Q?RsllgSVHgroCUPnvpvNzxolOgMvC6aerJgUDjmatE8akzPjT/BVXJwETRGFW?= =?us-ascii?Q?R2eU8HxbxOcjuR3Ifq/XKNIXxBtxLwMEpivbd5hvO6cHMgnUTAJMTVDasorc?= =?us-ascii?Q?LpW7UR2yPdwnqRR47w3bw8SsgRV5Laij10W8v4ISTMEfGhKMe21fqvFOzqZr?= =?us-ascii?Q?SQjex4D5ZXF+N5kHmr4u5u1R4LQF8p7q4aP0oRP8UInwNk5/fdRM5PX9DZSd?= =?us-ascii?Q?8FS+xBYlYc4LqiS+a4iZV6LMLwoQhGtf1QSClc4T/2++z2S563igGR0JoORh?= =?us-ascii?Q?gm24n9olx7bXbE+a3Pjn6MTc7NEzpRN1DAPxOz2rnQHVweSAWFAYq+8kKSyI?= =?us-ascii?Q?k5laY1UweeE4kTqvZqCjmVQprgpsjCtt0WngMK3hmAvDyylF+fE4a6a/KGKJ?= =?us-ascii?Q?cmQHmLvGhRE0JfpsN5goE47uoWiCnmO0FEbiwAcOinyr0bf4vD/c3m2de1B5?= =?us-ascii?Q?AoJb3sgA+g8UQAJQ1F//QgZGixnFH5Hf7cTPkm5ietpr4kbNu2XKAepThSpp?= =?us-ascii?Q?Knaz8HGURpzAHx5SqAdJa/sUR5hCIVA2diWyvzBw8S8P9JQnduIXC54em9GM?= =?us-ascii?Q?GeKfBkejSkwYkG8LIo9LtQLemejFaUECYvNQ7ED8gXjZzuhPTqAxxVQ3NEX9?= =?us-ascii?Q?r8Aq6BcH9eZlmMfG0jOHXC4q6NaEN55RLnVRQSSDQYrbunsxBPaFrTM7FkhU?= =?us-ascii?Q?F7cuOFAmw/XJSZ5M1vnvh1XvQImhtmcA0u6+6QE6T8NarC3XoWgUVy8wsOQR?= =?us-ascii?Q?B4XUB?= X-Microsoft-Exchange-Diagnostics:                 1;CY1PR0701MB2041;5:fFly9bSEG+rZ0941SgSeSaTMR0MASPVPjt84aTC92G1Sz2fB8F66ArNRxO9MsBD0EnrYnAU2XQjYjslyq61iEeiyrPuUSQh+YK5S2TxcYN8zFwQptDu3AwYeuxPlpJ1f51QOr2s/J3n5Q+cVKssRA==;24:aBPPVelaMPF5jteblSvvItCPSeiLE/Dd+o2+VC6h/eOs+WleiV4YOA0XfSy4iqCZhKWgj2o6iKx5Cs1iDJUqX0NskYVUUIZswpjjtL69JEg= X-Microsoft-Exchange-Diagnostics:                 1;SN1PR0701MB2048;9:DXRSXP9YUysEzYPvkpDLyMPXH81ZHFdn+5akb9xvowpJoYKDJ5rehUKq36VOOGiBUoyU+JE8Sc4dudc99RtL1GJaW6kawZOShdpUAywHM8Jx1o+Y6KFt8xat/jfZldTrk0bDk/eJfORWsB0YFFoIuQ==


This first example below uses a method called email spoofing, where an email message is sent from a forged sender address (in this case, a valid @queensu.ca email address) in order to mislead the recipient about the origin of the message.

 

phishing sample

 

phishing sample

 

phishing sample


Sample 1

This first example shows some of the typical characteristics of a phishing email. Not only does it ask for confidential information in a threatening manner, but it was sent from a non-Queen's email address, includes a generic salutation and is poorly written.

Phishing Sample


Sample 2 - "Spear Phishing" 

This second email is an example of "spear phishing," or an email that is targeted to a specific group of people. This message, falsely attributed to Chancellor David Dodge, was circulated to Queen's students, informing them about the cancellation of classes. An obvious indication that the email was fake was that it was sent after the last day of classes. So there were no classes to cancel on the following week.

 Phishing sample