{"id":2685,"date":"2019-02-21T10:03:38","date_gmt":"2019-02-21T18:03:38","guid":{"rendered":"http:\/\/tfrec.cahnrs.wsu.edu\/admin\/?page_id=2685"},"modified":"2023-10-02T15:17:07","modified_gmt":"2023-10-02T22:17:07","slug":"phishing-gallery","status":"publish","type":"page","link":"https:\/\/tfrec.cahnrs.wsu.edu\/admin\/phishing-gallery\/","title":{"rendered":"Phishing Examples"},"content":{"rendered":"\n<p>Here are a few examples of emails I&#8217;ve received that were supposedly from various people at the WSU IT Helpdesk (which does not exist by that name). All of these are phishing attempts. Never click on a link inside these messages. WSU IT Support will never send you an email requiring you to click to verify account information, especially with a hidden URL. WSU will never ask for your password or other personal information via email. For more information about phishing, visit the <a href=\"https:\/\/security.wsu.edu\/phishing\/\" data-type=\"URL\" data-id=\"https:\/\/security.wsu.edu\/phishing\/\">IT website<\/a>. <\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Typical features to look for:<\/h2>\n\n\n\n<ul class=\" wsu-list--columns-2\">\n<li>Grammatical or spelling errors<\/li>\n\n\n\n<li>Odd wording including impersonal or awkward greetings<\/li>\n\n\n\n<li>Some kind of ultimatum or threat issued to make you act quickly without thinking<\/li>\n\n\n\n<li>Message&nbsp;or link in ALL CAPS (gives the feeling of being yelled at)<\/li>\n\n\n\n<li>No recipient name or name other than yours<\/li>\n\n\n\n<li>Fake URL &#8211; official WSU websites and email addresses always end in wsu.edu.<\/li>\n\n\n\n<li>Email is missing a signature and\/or contact information from the sender.<\/li>\n\n\n\n<li>WSU DOES NOT request credentials via email<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Examples of phishing emails<br> <\/h3>\n\n\n\n<p><em>(<\/em>Notice<em> that each indicates the email was forwarded to <a href=\"mailto:abuse@wsu.edu\">abuse@wsu.edu<\/a> &#8211; which you should do for each one you receive.)<\/em><\/p>\n\n\n\n<figure class=\"wp-block-gallery has-nested-images columns-4 is-cropped wp-block-gallery-1 is-layout-flex\">\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phishing_exp-7.png\"><img decoding=\"async\" loading=\"lazy\" width=\"1024\" height=\"430\" data-id=\"2694\"  src=\"https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phishing_exp-7-1024x430.png\" alt=\"Example of phishing email with Click this link text.\" class=\"wp-image-2694\" srcset=\"https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phishing_exp-7-1024x430.png 1024w, https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phishing_exp-7-300x126.png 300w, https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phishing_exp-7-768x323.png 768w, https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phishing_exp-7.png 1280w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phishing_exp-4.png\"><img decoding=\"async\" loading=\"lazy\" width=\"1024\" height=\"665\" data-id=\"2691\"  src=\"https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phishing_exp-4-1024x665.png\" alt=\"Example of phishing email.\" class=\"wp-image-2691\" srcset=\"https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phishing_exp-4-1024x665.png 1024w, https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phishing_exp-4-300x195.png 300w, https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phishing_exp-4-768x499.png 768w, https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phishing_exp-4.png 1284w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phishing_exp-5.png\"><img decoding=\"async\" loading=\"lazy\" width=\"856\" height=\"308\" data-id=\"2692\"  src=\"https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phishing_exp-5.png\" alt=\"Example of phishing email with verify link.\" class=\"wp-image-2692\" srcset=\"https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phishing_exp-5.png 856w, https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phishing_exp-5-300x108.png 300w, https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phishing_exp-5-768x276.png 768w\" sizes=\"(max-width: 856px) 100vw, 856px\" \/><\/a><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phishing_exp-6.png\"><img decoding=\"async\" loading=\"lazy\" width=\"956\" height=\"594\" data-id=\"2693\"  src=\"https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phishing_exp-6.png\" alt=\"Example of phishing email asking for login credentials.\" class=\"wp-image-2693\" srcset=\"https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phishing_exp-6.png 956w, https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phishing_exp-6-300x186.png 300w, https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phishing_exp-6-768x477.png 768w\" sizes=\"(max-width: 956px) 100vw, 956px\" \/><\/a><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phishing_exp-3.png\"><img decoding=\"async\" loading=\"lazy\" width=\"1024\" height=\"604\" data-id=\"2690\"  src=\"https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phishing_exp-3-1024x604.png\" alt=\"Example of phishing email claiming your account needs verified.\" class=\"wp-image-2690\" srcset=\"https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phishing_exp-3-1024x604.png 1024w, https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phishing_exp-3-300x177.png 300w, https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phishing_exp-3-768x453.png 768w, https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phishing_exp-3.png 1286w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phishing_exp-2.png\"><img decoding=\"async\" loading=\"lazy\" width=\"1024\" height=\"613\" data-id=\"2689\"  src=\"https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phishing_exp-2-1024x613.png\" alt=\"Example of phishing email claiming email is suspended.\" class=\"wp-image-2689\" srcset=\"https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phishing_exp-2-1024x613.png 1024w, https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phishing_exp-2-300x180.png 300w, https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phishing_exp-2-768x460.png 768w, https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phishing_exp-2.png 1286w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phish-w-IP-1.png\"><img decoding=\"async\" loading=\"lazy\" width=\"1024\" height=\"531\" data-id=\"2688\"  src=\"https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phish-w-IP-1-1024x531.png\" alt=\"Example of phishing email asking for validation of account.\" class=\"wp-image-2688\" srcset=\"https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phish-w-IP-1-1024x531.png 1024w, https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phish-w-IP-1-300x156.png 300w, https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phish-w-IP-1-768x398.png 768w, https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phish-w-IP-1-1536x797.png 1536w, https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phish-w-IP-1.png 1550w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Password-reset-scam.png\"><img decoding=\"async\" loading=\"lazy\" width=\"1024\" height=\"495\" data-id=\"2687\"  src=\"https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Password-reset-scam-1024x495.png\" alt=\"Example of phishing email asking user to verify account by logging in.\" class=\"wp-image-2687\" srcset=\"https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Password-reset-scam-1024x495.png 1024w, https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Password-reset-scam-300x145.png 300w, https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Password-reset-scam-768x371.png 768w, https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Password-reset-scam.png 1096w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phishing_expl-1.png\"><img decoding=\"async\" loading=\"lazy\" width=\"1024\" height=\"473\" data-id=\"2695\"  src=\"https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phishing_expl-1-1024x473.png\" alt=\"Phishing email example.\" class=\"wp-image-2695\" srcset=\"https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phishing_expl-1-1024x473.png 1024w, https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phishing_expl-1-300x139.png 300w, https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phishing_expl-1-768x355.png 768w, https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phishing_expl-1.png 1446w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phishing_5-8-20.png\"><img decoding=\"async\" loading=\"lazy\" width=\"877\" height=\"1024\" data-id=\"4310\"  src=\"https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phishing_5-8-20-877x1024.png\" alt=\"Phishing email example with malicious link examples.\" class=\"wp-image-4310\" srcset=\"https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phishing_5-8-20-877x1024.png 877w, https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phishing_5-8-20-257x300.png 257w, https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phishing_5-8-20-768x896.png 768w, https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Phishing_5-8-20.png 1136w\" sizes=\"(max-width: 877px) 100vw, 877px\" \/><\/a><\/figure>\n<\/figure>\n\n\n\n<p>Here&#8217;s something that recently came in. It looks to be from the IT desk closing out a support ticket that you don&#8217;t remember submitting. Although that&nbsp;is the first thing that should raise your suspicion about it being fake, there are several other items that should tip you off to it being a scam. Below, I have a side-by-side comparison of a questionable email (left) and a real email (right). There are a few more problems with the fake than what I&#8217;ve pointed out. Can you spot them? Take a look:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a href=\"https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Good-vs-bad_ticket-resp.png\"><img decoding=\"async\" loading=\"lazy\" width=\"2536\" height=\"1274\" src=\"https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Good-vs-bad_ticket-resp.png\" alt=\"Side-by-side comparison of fake and phishing email.\" class=\"wp-image-2697\" srcset=\"https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Good-vs-bad_ticket-resp.png 2536w, https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Good-vs-bad_ticket-resp-300x151.png 300w, https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Good-vs-bad_ticket-resp-1024x514.png 1024w, https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Good-vs-bad_ticket-resp-768x386.png 768w, https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Good-vs-bad_ticket-resp-1536x772.png 1536w, https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Good-vs-bad_ticket-resp-2048x1029.png 2048w\" sizes=\"(max-width: 2536px) 100vw, 2536px\" \/><\/a><\/figure><\/div>\n\n\n<p>OK, here&#8217;s another example. Can you detect the suspicious content?<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a href=\"https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/phishing-exp-10.png\"><img decoding=\"async\" loading=\"lazy\" width=\"797\" height=\"586\" src=\"https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/phishing-exp-10.png\" alt=\"Example of phishing email asking for change of name information.\" class=\"wp-image-2698\" srcset=\"https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/phishing-exp-10.png 797w, https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/phishing-exp-10-300x221.png 300w, https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/phishing-exp-10-768x565.png 768w\" sizes=\"(max-width: 797px) 100vw, 797px\" \/><\/a><\/figure><\/div>\n\n\n<p>What&#8217;s your first clue?<\/p>\n\n\n\n<ul>\n<li>You didn&#8217;t request a name change.<\/li>\n\n\n\n<li>We don&#8217;t have something called &#8220;university electronic resource.&#8221;<\/li>\n\n\n\n<li>Anything you submit to it.support is assigned a &#8220;ticket #&#8221; &#8211; not a case ID<\/li>\n\n\n\n<li>Embedded link to change your request instead of telling you to go to the support page to check\/change your ticket status.<\/li>\n\n\n\n<li>The closing salutation: ours won&#8217;t say &#8220;Best Regards&#8221;<\/li>\n\n\n\n<li>What the heck is Information Technology and Emerging Technologies\/ Information and HIPAA Security?<\/li>\n\n\n\n<li>HWCOM???<\/li>\n<\/ul>\n\n\n\n<p>There are more odd&nbsp;items in this email, but I&#8217;ll let you see if you can spot them. The bottom line here is that if you get some sort of email claiming to be in response to something you requested &#8211; that you don&#8217;t recall or know you didn&#8217;t do &#8211; it is most likely fake. If in doubt forward it to abuse@wsu.edu and ask them to verify if it&#8217;s real.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Netflix Phishing<\/h4>\n\n\n\n<p>I&#8217;ve pointed out a few key items to notice. Can spot other clues?<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a href=\"https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Netflix-phishing.png\"><img decoding=\"async\" loading=\"lazy\" width=\"1366\" height=\"1014\" src=\"https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Netflix-phishing.png\" alt=\"Example of Netflix phishing email.\" class=\"wp-image-2711\" srcset=\"https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Netflix-phishing.png 1366w, https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Netflix-phishing-300x223.png 300w, https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Netflix-phishing-1024x760.png 1024w, https:\/\/wpcdn.web.wsu.edu\/cahnrs\/uploads\/sites\/25\/Netflix-phishing-768x570.png 768w\" sizes=\"(max-width: 1366px) 100vw, 1366px\" \/><\/a><\/figure><\/div>","protected":false},"excerpt":{"rendered":"<p>Here are a few examples of emails I&#8217;ve received that were supposedly from various people at the WSU IT Helpdesk (which does not exist by that name). All of these are phishing attempts. Never click on a link inside these messages. WSU IT Support will never send you an email requiring you to click to&hellip;<\/p>\n","protected":false},"author":4,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_expiration_date":""},"categories":[],"tags":[],"_links":{"self":[{"href":"https:\/\/tfrec.cahnrs.wsu.edu\/admin\/wp-json\/wp\/v2\/pages\/2685"}],"collection":[{"href":"https:\/\/tfrec.cahnrs.wsu.edu\/admin\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/tfrec.cahnrs.wsu.edu\/admin\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/tfrec.cahnrs.wsu.edu\/admin\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/tfrec.cahnrs.wsu.edu\/admin\/wp-json\/wp\/v2\/comments?post=2685"}],"version-history":[{"count":1,"href":"https:\/\/tfrec.cahnrs.wsu.edu\/admin\/wp-json\/wp\/v2\/pages\/2685\/revisions"}],"predecessor-version":[{"id":7053,"href":"https:\/\/tfrec.cahnrs.wsu.edu\/admin\/wp-json\/wp\/v2\/pages\/2685\/revisions\/7053"}],"wp:attachment":[{"href":"https:\/\/tfrec.cahnrs.wsu.edu\/admin\/wp-json\/wp\/v2\/media?parent=2685"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tfrec.cahnrs.wsu.edu\/admin\/wp-json\/wp\/v2\/categories?post=2685"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tfrec.cahnrs.wsu.edu\/admin\/wp-json\/wp\/v2\/tags?post=2685"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}