ITS Information Security - Phish Pond

Welcome to the Phish Pond. On this page we'll post screenshots of recently encountered real world phishing attacks.  If you need help identifying phishing, sign-up for one of our training sessions, or watch our online training session here.  As always, if you find one, report it to: PhishMeNot@holycross.edu

Direct Deposit Phish - January 27th 2020

posted Jan 28, 2020, 8:24 AM by Greg Rodenhiser

This phish can have costly consequences.  The hope is the HR person this was sent to will reply and request the information for the direct deposit account (of course the attacker's account).  This is a great reminder to take a good look at the sending address of the message (it was NOT the employee's Holy Cross email) and follow up not using any information or reply from the message. 

Gift Card Purchase Phish - December 18th 2019

posted Dec 19, 2019, 6:56 AM by Greg Rodenhiser

The phish was crafted to look like it came from a VIP at the College, hoping the recipient would react quickly and not question it. 


Collaboration Invitation Phish - November 19th, 2019

posted Nov 19, 2019, 1:33 PM by Greg Rodenhiser

This phish tries to look like a collaboration request on for a document (transcript in this case).  The link goes to a document containing links to malicious sites posing as login pages. 


Attempting to Start a Dialog Phish - October 2nd 2019

posted Oct 2, 2019, 11:44 AM by Greg Rodenhiser

This sort of phishing technique occurs quite often.  It's always a very short and vague message and often tries to look like it came from someone at Holy Cross.  The sender's hope is to get a response and open a dialog, eventually asking for a gift card or credentials to an account. 


Important File Attachment Phish - September 16th 2019

posted Sep 27, 2019, 6:37 AM by Greg Rodenhiser

There's been an uptick in phish purporting to come from department heads or even higher that containing an attachment or link to online document.  The hope is to get the recipient to react quickly and open or link to the document.  Always double check the sending address and give thought if this message is something you would expect from the sender. 


Direct Deposit Change - September 9th 2019

posted Sep 10, 2019, 8:45 AM by Greg Rodenhiser

This is a phish purporting to be a College employee yet clearly not from a Holy Cross email address.  They are requesting a change in direct deposit in hopes the receiver will divert funds to someone else's bank account. 


Request for cell phone number phish - May 1st, 2019

posted May 1, 2019, 1:33 PM by Greg Rodenhiser   [ updated May 1, 2019, 1:35 PM ]

This phish follows a pattern we've seen increasingly lately.  The message purports to be from a College employee requesting information in an attempt to open dialog with the recipient. At some point information will be requested from the sender.  The message is typically very vague, only a sentence or two at most.  Look carefully at the sending domain, you will see it is NOT from Holy Cross. 


Direct Deposit Phish - Wednesday April 24, 2019

posted Apr 24, 2019, 8:44 AM by Greg Rodenhiser

This is another phishing attempting using generic gmail addresses that closely matches the name of an actual Holy Cross employee in an attempt to trick the recipient into making direct deposit transactions into the sender's account. 


Phish Attempting to Start Dialog - April 9th 2019

posted Apr 9, 2019, 1:15 PM by Greg Rodenhiser

This phish purports to come form a person at the College.  In fact the sending address usually includes the actual person's name and holycross.edu in the address itself, but uses regular gmail, hotmail, or the like as the sending domain.  The message is very short, implies urgency, and is looking for a response from the recipient.  the goal is to start dialog in hopes of obtaining sensitive information or perhap monetary gain (gift cards) from the recipient. 


DocSign Phish - April 20, 2018

posted Apr 20, 2018, 10:55 AM by Greg Rodenhiser

DocSign phish looks like a file share, however the attached file really contains a link to a likely compromised WordPress blog.


1-10 of 78