ITS Information Security - Phish Pond

Welcome to the Phish Pond. On this page we'll post screenshots of recently encountered real world phishing attacks.  If you need help identifying phishing, sign-up for one of our training sessions, or watch our online training session here.  As always, if you find one, report it to:

DocSign Phish - April 20, 2018

posted Apr 20, 2018, 10:55 AM by Greg Rodenhiser

DocSign phish looks like a file share, however the attached file really contains a link to a likely compromised WordPress blog.

OneDrive Phish - November 2, 2017

posted Nov 2, 2017, 1:44 PM by Greg Rodenhiser

This was a phish containing a link to a PDF stored/hosted in real Google Docs.  The PDF had a link to a malicious site.

Office Doc Phish - October 23, 2017

posted Oct 25, 2017, 1:12 PM by Greg Rodenhiser

This phish follows a common trend we've seen reported a lot recently of a PDF attachment containing a link to a likely malicious site. 

Another DocuSign Phish - October 25, 2017

posted Oct 25, 2017, 8:03 AM by Greg Rodenhiser

Here's another DocuSign phish a few days after the previous one.  It too uses an attached PDF purporting to be from DocuSign with a link, this time to a website in Russia looking for login credentials. 

Docusign Phish - October 20, 2017

posted Oct 23, 2017, 8:29 AM by Greg Rodenhiser

This phish came with a PDF attachment that looked like a DocuSign document containing a link to a site that was not legitimate.

PDF Link Phish - September 25, 2017

posted Sep 26, 2017, 6:49 AM by Greg Rodenhiser

The attached PDF was just a single image that was a link to a known malicious site.

Dropbox Phish, Again - September 11, 2017

posted Sep 11, 2017, 12:24 PM by Greg Rodenhiser

Just a reminder that scammers are still attempting to mimic Dropbox.  Just remember to hover over the View Document button, in this case it went to, NOT 

Deactivate Email Phish 09-06-2017

posted Sep 7, 2017, 6:56 AM by Greg Rodenhiser

This phish attempts to trick the user into clicking the link and submitting their credentials into a fake Microsoft Outlook login page. 

Account Verify Phish - 2017-06-03

posted Jun 5, 2017, 6:48 AM by Greg Rodenhiser   [ updated Jun 5, 2017, 6:49 AM ]

This phish even directed to a Holy Cross branded login page in an attempt to trick recipients into giving away their login information. 

Phishing attack using Google Drive and McAfee URL shortener for legitimacy.

posted May 19, 2017, 10:32 AM by David Shettler

Attackers are realizing that some of us have been trained to read URL's, and not click on suspicious URL's.

In response they've begun filling their phishing emails with links to more trusted resources, such as Google Drive. Then, in a benign Google Drive share, they link you off to somewhere malicious.  In this case, we see them using McAfee's URL shortener in an attempt to add legitimicy. Thankfully, in this case, McAfee had already shut the link down by the time we could test it, but be aware that this may not always occur.

Moral of the story: don't blindly trust URL shorteners, and if you receive an email with a file share out of the blue that you were not expecting, and that is "out of character", don't click.

1-10 of 69