Phishing Review

Phishing Overview

We will be looking at a phishing attempt that hit EIU this week.

In this case someone from outside EIU was pretending to be from and the attacker attempted to get the users credentials.

Were there any clues that this was a phishing email?

Questions to ask:

  • Was I expecting this email?
  • Generic use of “Dear Customer” and not my name?
  • Use of urgency?
  • Why is it from Amazon but the email is to
  • Why does Hovering over the link goes to
  • Why is détails used instead of “Details”?

Reviewing the email

Notice if you hover over “Update now” goes to and not

The word: “détails”  a way to avoid spam/phishing filters

They want you to panic and react without thinking

  • “If you do not update your account within 24 hours (from opening this email) will be officially permanently disabled.”

They put (Open from this email) because they know if I go to Amazon directly, you would see nothing and not get phished

The red flags are starting to add up. At this point, I would delete this email and login to directly to see if there are any message for me. Another option is to forward the email to the EIU phishing group at ITS will review the email and let me know if it is OK.