The Anatomy of a Phishing Email

How good are you at spotting phishing? Do you notice anything wrong with this email? See if you can spot all the signs of phishing.

(Hint: if you click the photo, it will open in another tab for easier viewing.)

How did you do? How many did you find?

Let’s start from the top. This email is from someone with the address lmason@philasd.org. If you Google “philasd,” you’ll find that it’s the web address for the Philadelphia School District. Why would someone from a school district be contacting you about a court appearance?

Next, look at the first two lines of the email. There is no introduction; it opens directly with “Notice.” Don’t you think that if you were being called to court, they would have your name?

Now look at the link to the supposed “court notice.” A good practice is to hover over a link when you’re unsure if it’s legitimate. In this link, hovering over it shows that it’s bringing you to a website housed on earthlink.net. That doesn’t look very official. Why would an email instructing you to appear in court be devoid of information and instead direct you to a link? That seems a little suspicious.

Often, people using smartphones don’t understand how to hover over a link, and scammers are relying on this flaw. To hover on a smartphone, simply tap and hold the link, which will show you the url.

If we look at the signature, we can see two grammatical errors: the phrase “Court Secretary” ends with a period, and this person’s name, “Lynette Mason,” has a comma at the end. How likely is it that a court secretary would have multiple typos in their signature?

It’s completely understandable that this email would seem very alarming at first. No one wants to receive a surprise message to appear in court. But don’t let yourself get fooled. Scammers are growing increasingly clever and better at playing off people’s emotions. Stay smart and always be aware!

 

 

For more information, visit our other blog posts on phishing:

http://groups.etown.edu/its/2017/02/24/dhl-email-scam/

http://groups.etown.edu/its/2016/11/23/phishing-for-links/

http://groups.etown.edu/its/2016/04/01/dont-be-fooled-by-phishing/

http://groups.etown.edu/its/2017/02/15/hover-dont-click/