ITS Information Security - Phish Pond

Welcome to the Phish Pond. On this page we'll post screenshots of recently encountered real world phishing attacks.  If you need help identifying phishing, sign-up for one of our training sessions, or watch our online training session here.  As always, if you find one, report it to:

PDF Link Phish - September 25, 2017

posted Sep 26, 2017, 6:49 AM by Greg Rodenhiser

The attached PDF was just a single image that was a link to a known malicious site.

Dropbox Phish, Again - September 11, 2017

posted Sep 11, 2017, 12:24 PM by Greg Rodenhiser

Just a reminder that scammers are still attempting to mimic Dropbox.  Just remember to hover over the View Document button, in this case it went to, NOT 

Deactivate Email Phish 09-06-2017

posted Sep 7, 2017, 6:56 AM by Greg Rodenhiser

This phish attempts to trick the user into clicking the link and submitting their credentials into a fake Microsoft Outlook login page. 

Account Verify Phish - 2017-06-03

posted Jun 5, 2017, 6:48 AM by Greg Rodenhiser   [ updated Jun 5, 2017, 6:49 AM ]

This phish even directed to a Holy Cross branded login page in an attempt to trick recipients into giving away their login information. 

Phishing attack using Google Drive and McAfee URL shortener for legitimacy.

posted May 19, 2017, 10:32 AM by David Shettler

Attackers are realizing that some of us have been trained to read URL's, and not click on suspicious URL's.

In response they've begun filling their phishing emails with links to more trusted resources, such as Google Drive. Then, in a benign Google Drive share, they link you off to somewhere malicious.  In this case, we see them using McAfee's URL shortener in an attempt to add legitimicy. Thankfully, in this case, McAfee had already shut the link down by the time we could test it, but be aware that this may not always occur.

Moral of the story: don't blindly trust URL shorteners, and if you receive an email with a file share out of the blue that you were not expecting, and that is "out of character", don't click.

New Docusign Phish - 2017-05-15

posted May 15, 2017, 10:25 AM by David Shettler   [ updated May 15, 2017, 10:29 AM ]

New UPS phish - 2017-05-15

posted May 15, 2017, 10:23 AM by David Shettler

2017 - May 5th - Google Docs grant access phish

posted May 3, 2017, 1:54 PM by Greg Rodenhiser   [ updated May 3, 2017, 1:55 PM ]

This was a very sophisticated phish that tricked a user into thinking a document was being shared to them, got user to do a legit login to their Google Account, and then request full access to the GMail account.  Looking at the developer information shows this was not legit. 

2017 - April 29th - Attachment that's an Image with link

posted May 1, 2017, 6:26 AM by Greg Rodenhiser

The attachment in this phish was a single image that was also a web link to a likely malicious site. 

2017 - March 13 - Another Ambiguous Link Phish, Same Day

posted Mar 13, 2017, 8:11 AM by Greg Rodenhiser

1-10 of 64