Phish Example: Attention Required


Recently, many members of the W&L community received an email purporting to be from President Will Dudley. Several people fell for a similar phish in late March and the phisher used the victims' credentials to steal their payroll deposits.

Both of the phishing attempts included tell-tale signs that they were fraudulent. Be vigilant and carefully examine unsolicited email for these signs.

Email sender

Notice the sending email address is not a W&L email address

phish header

Content of the letter

1) W&L does not have a "Business Integrity Program"

2) The letter contains several obvious grammatical errors:

Body of example phish

PDF attachment

Mass messages from W&L senior leadership seldom use file attachments. The vague "Secure Online Document" title also is suspicious.

Image of PDF

Address of website

Clicking on the PDF attachment caused this website to appear. It is made to look like Microsoft Office, but the address is clearly incorrect.

Phish file download

Log-in prompt

The page prompts you to enter your credentials. This is the payoff for the phisher: theft of your W&L login credentials.

Redirect to W&L Employee Handbook

"Spearphishing" attempts, like this one, use familiar symbols, images and names to deceive you into believing that a message is legitimate. Anyone entering their credentials in the previous screen would be redirected to the genuine W&L employee handbook. But notice that the handbook is unrelated to the "Business Integrity Program" referenced in the original message.

Image of employee handbook