Recent Phishing Email Examples

We are planning on regularly posting recent phishing email examples that are received by users at UCL. This is the first one with some ideas on what to look out for in this and other phishing emails:

1. The sent from address – the sent from address is somewhat random, it is not a UCL email address, in fact in this case it is an email address from the Government of Bermuda!
2. The sent to address – legitimate emails should be addressed to your actual email address.
3. The subject line – there is no Microsoft Active Directory team at UCL. It’s an unusual subject line, it doesn’t explain the contents of the email.
4. The opening line – phishing emails often open with ‘Dear User’, in this case the email says ‘Dear E-mail User’, a legitimate email should use your actual name.
5. The sense of urgency – phishing emails often try to scare users into doing something quickly without thinking about it properly, in this case they are asking the user to respond by clicking the dodgy link to avoid their account being closed.
6. The link / domain – you cannot see from the above screenshot but the link does not go to a UCL domain, it goes to a random website. Remember to hover over a link to see where it’s going before you click on it.
7. The signature – there is no Microsoft Active Directory team at UCL, if you are ever in doubt please check with ISD.

One thing to bear in mind is that easier phishing emails like the one above have been designed so that they could be relevant to any organisation. Ask yourself when reading a possible phishing email if it is relevant to you and UCL.

Of course, this example is a fairly easy one to spot – there will be others that are more targeted and harder to identify. As always, if in doubt please ask us.