A Spam Example: Message from human resources|HR Tech Outlook
Hackers these days know every minute tricks that can fool the users. One of the standard techniques they use is email spoofing, which will appear to come from the HR team or a legitimate email address other than the actual source. Another method used is email spamming, where unsolicited emails contain suspicious links or attachments sent in bulk. In both cases, hackers target the employees by using subjects like “promotion,” “employee benefits,” or “policy change,” and thus creating urgency to open the mail. Whenever an employee receives an email from the HR team, they are compelled to open the mail due to authority.
What makes this a Spam message?
The cyber-criminal responsible for this phishing spam puts some effort into making this email message appear legitimate. The sender’s email address is fake and seems to come from the campus HR department, and the document link led to a fake Calnet login page. There is one more hint that we can say this message is fake:
If you put your mouse cursor over the “Click here” link, you can see that the destination is not the real Calnet login page (https://auth.techno.world (link is external)).
There are two things for remembering in this situation:
If you receive any message containing an unknown link or attachment that you did not expect, do not click on the link or download the file — especially when received from an unknown authority.
Check for the legitimate website address for the Calnet login page before entering your credentials.
Original Message:
From: “HR@ XXXXX@techno.world (link sends e-mail)” <HR@ XXXXX@techno.world (link sends e-mail)>
Subject: Message from human resources
Date: January 21, 2021 at 9:29:54 PM PDT
To: XXXXX@techno.world (link sends e-mail)
Dear XXXXX@techno.world (link sends email)
A detailed document has been sent to you from the Human Resources Department.
Click here to log in to view the document. Thank you!
Technology University Of California HR Department
© 2021 The Regents of the University of California. All rights reserved.
— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — -
Confidentiality notice: This email and attachments may contain confidential information protected by the law. It is for the sole use of the individuals or entities to which it is addressed. If you are not the intended recipient, please destroying all copies of the communication and attachments. Further use, disclosure, copying, distribution of, or reliance upon the contents of this email and attachments is strictly prohibited.
Return to The Phish Tank or Phishing Examples Archive
How to report spam:
Open the message
To the right of the ‘Reply’ arrow
Select ‘More’ (typically denoted with three vertical dots)
Then ‘Report spam.’
