Phish Example: Attention Required
Recently, many members of the W&L community received an email purporting to be from President Will Dudley. Several people fell for a similar phish in late March, and the phisher used the victims' credentials to steal their payroll deposits.
Both of the phishing attempts included tell-tale signs that they were fraudulent. Be vigilant and carefully examine unsolicited email for these signs.
Email sender
Notice that the sending email address is not a W&L email address.
Content of the letter
1) W&L does not have a "Business Integrity Program"
2) The letter contains several obvious grammatical errors:
PDF attachment
Mass messages from W&L senior leadership seldom use file attachments. The vague "Secure Online Document" title is also suspicious.
Address of website
Clicking on the PDF attachment caused this website to appear. It is made to look like Microsoft Office, but the address is clearly incorrect.
Log-in prompt
The page prompts you to enter your credentials. This is the payoff for the phisher: theft of your W&L login credentials.
Redirect to W&L Employee Handbook
"Spearphishing" attempts, like this one, use familiar symbols, images and names to deceive you into believing that a message is legitimate. Anyone entering their credentials on the previous screen would be redirected to the genuine W&L employee handbook. But notice that the handbook is unrelated to the "Business Integrity Program" referenced in the original message.
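For mail administrators, the sender, attachment and website-address signs described above can also be checked automatically. The following is an added example, not part of the original notice. The wlu.edu domain setting, the Microsoft host allowlist, the finding labels and both sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from typing import List, Optional
from urllib.parse import urlsplit

ORG_DOMAINS = {"wlu.edu"}          # assumption: the organization's mail domain
PROTECTED_NAMES = {"will dudley"}  # leaders whose names phishers borrow
MS_LOGIN_HOSTS = {"login.microsoftonline.com", "www.office.com"}  # assumed allowlist

def sender_findings(raw_message: str) -> List[str]:
    """Flag the signs from the notice: outside sender, borrowed name, attachment."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    in_org = domain in ORG_DOMAINS or any(domain.endswith("." + d) for d in ORG_DOMAINS)
    findings = []
    if not in_org:
        findings.append("external-sender")
        name = " ".join(display.lower().split())
        if any(p in name for p in PROTECTED_NAMES):
            findings.append("leader-name-on-external-address")
    if any(part.get_filename() for part in msg.walk()):
        findings.append("has-attachment")
    return findings

def login_page_finding(url: str) -> Optional[str]:
    """Return None for an allowlisted Microsoft sign-in host, else a label."""
    host = (urlsplit(url).hostname or "").lower()
    if host in MS_LOGIN_HOSTS:
        return None
    if any(word in host for word in ("office", "microsoft")):
        return "lookalike-microsoft-host"
    return "unrecognized-login-host"

# Constructed sample messages (not the real phish; addresses are placeholders).
SAMPLE_PHISH = (
    'From: "President Will Dudley" <notice@mail-alerts.example>\n'
    'Subject: Attention Required\n'
    'Content-Type: application/pdf\n'
    'Content-Disposition: attachment; filename="Secure Online Document.pdf"\n'
    '\n'
    'placeholder body\n'
)
SAMPLE_INTERNAL = 'From: "Will Dudley" <president@wlu.edu>\nSubject: Campus update\n\nHello\n'

if __name__ == "__main__":
    print(sender_findings(SAMPLE_PHISH))
    print(login_page_finding("https://office365-docs.example/login"))
```

A message that raises both sender findings and carries an attachment matches the pattern in this notice and is a candidate for quarantine or a warning banner.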