Examples of Phishing e-mails
More information about phishing and other dangerous e-mails you can found here.
Be careful with QR codes
Fraudulent phishing that looks like an email from the university’s IT support with information about the introduction of multi-factor authentication and invites you to photograph the QR code with your mobile phone.
This is a trick. When you photograph the QR code with your mobile phone, the fraudulent form is downloaded to your mobile phone and displayed on it. On your mobile phone the anti-virus program is not running and probably isn’t even connected to the Internet via the university network, so the attacker can bypass our protection.
QR codes are commonly used and we see them on electricity bills, on information signs in the park and so on. In this case, however, you should note:
- the sender’s name is “IT Cuni Support” but after clicking on the name, the address from the university domain does not appear cuni.cz, but the address on Gmail.
- the mail has no signature, you don’t know who allegedly sent it, there’s no place to check its authenticity
- the QR code is not square and the whole text is somehow harder to read - that’s because the whole email is one big one image - technique used to make phishing go through a spam filter
- password entry form that appears on the phone after taking a photo of the QR code, does not lead to the university domain cuni.cz
Fraudulent page with the form:
Document only after login
There is nothing wrong with sending an e-mail link to a document in the cloud, which you can only access after login, and we will be seeing more and more of it. But it is also a common trick of fraudsters - so be careful not to fall for phishing! Always check if the page with the login form is trustworthy - especially if the URL of the page is the domain of the organization whose password you should fill in. In this case, the domain of Charles University cuni.cz.
- the sender of the e-mail is “Univerzita Karlova”, but when clicking on the sender, the address ending at @cvut.cz will appear
- when you move the mouse over the link (text “Read the message”), the link will appear. And it is not Charles University domain name cuni.cz, but to neohealth.co.bw.
- the website looks exactly like the Central Authentication Service of the UK, but according to the URL the page (top row, marked in red) is not in the university network (in the domain cuni.cz)
Fraudulent page with the form:
Phishing form with university website background
Lately, phishing forms have an up-to-date organization website in the background. They try to give the user the impression that they have reached their home site and just have to log in to get information that is not public.
The phishing form page is actually elsewhere (see the URL of the page in the top row of the browser). Cleverly pulls a domain from her email and automatically downloads the page on that domain and adds it as a background. If you look closely at the URL of the page, you will find your email at the end. You can try to put another organization’s domain in it yourself.
- Page URL “14-11115-verge…mexico-1.myhuaweicloud.com/…” is definitely not a university
Phishing form scam page:
Phishing from @o365.cuni.cz address
Fraudulent phishing e-mail, credited with the address of the sender with the domain o365.cuni.cz. Unfortunately, the owner of the account received a similar e-mail, succumbed to it and the attacker is now sending more phishing e-mails within the university from his account.
- the very requirement to fill in a form for an email upgrade
- breakneck Czech
- the sender, which has nothing to do with the administration of the university’s computer network
Letter from secretary
There is no link in this phishing e-mail, but html type attachment with phishing form. And one more bluff – the sender name is “email@example.com”.
It’s exploiting interest in coronavirus information. It looks like an email from the WHO and promises a document with up-to-date information.
Web page with form.
Attention – page is not on WHO domain!