Example01: NOTICE BY THE IT

Scammers attempt to impersonate IT Staff

Email scams are one of the primary ways that malicious actors infiltrate organizations. Many of the recent large cybersecurity breaches in the news began with malicious actors sending scam or phishing emails. Attackers impersonate University IT to try and convey a sense of authority and urgency.

Common attack techniques:

Fake University branded login pages
Web forms to collect credentials & sensitive information
Infected attachments or malicious links to install malware

Indicators of Phishing:

Sender is from the student domain. University IT will not send alerts from student accounts. This indicates a potentially compromised account.
The display URL is suspicious, and not linked to WCU: www/ITDesktop[.]com
Hovering over the link displays a suspicious form URL: https://form.jotform[.]com/*
Slightly broken Enlglish, very poor formatting

Other Similar examples:

Your School Office 365 Microsoft account has been filed under the list of accounts set for deactivation due to retirement/graduation/or transfer of the concerned account holder. But the record shows you are still active in service and so advised to verify this request otherwise give us reason to deactivate your university account, please Verify your email immediately to avoid Deactivation. CLICK HERE

Thank You

CITS Microsoft Team

Scammers attempt to impersonate IT Staff

Common attack techniques:

Indicators of Phishing:

Other Similar examples:

Recent Posts