We will be looking at a phishing attempt that hit EIU recently.
In this case someone at EIU was compromised, and the attacker used their account to try to trick other EIU users.
Were there any clues that this was a phishing email?
Questions to ask:
- Was I expecting this email?
- Do I usually get this type of request from this person?
- Does the link match the company who it is for?
- Does it ask me to do something out of the ordinary?
- Is there an EIU verification link?
Reviewing the email
In this email there is a link. If you put your cursor over the link, the bottom left of your browser will show where the link will take you. You can see that it shows googleapis.com, not DocuSign.
The link does not match. The email says DocuSign but the link says googleapis.com.
The link took me to a login page that didn’t look familiar, and the web browser address bar did not show eiu.edu. Never put your username and password into a site you are not familiar with.
*Tip: If you have the option, go to the website directly; try not to click links within email.
The red flags are starting to add up. At this point, I may call the person directly. Another option is to forward the email to the EIU phishing group at firstname.lastname@example.org. ITS will review the email and let me know if it is OK.
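The hover check described above (does the link's destination match the company the email names?) can also be run over a reported message during triage. The following Python is an added example, not part of the original article or EIU's tooling; the brand-to-domain list, the function names and the sample email body are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: illustrative map of brand name -> domains that brand links to.
BRAND_DOMAINS = {"docusign": ("docusign.com", "docusign.net"),
                 "eiu": ("eiu.edu",)}

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def host_in(host, domains):
    # Accept the domain itself or a true subdomain. A plain substring test
    # would wrongly accept a host such as "docusign.com.example.net".
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def mismatched_links(html_body):
    """Return link hosts that belong to none of the brands the email names."""
    body = html_body.lower()
    allowed = [d for brand, doms in BRAND_DOMAINS.items() if brand in body
               for d in doms]
    if not allowed:          # no known brand named, nothing to compare against
        return []
    parser = LinkCollector()
    parser.feed(html_body)
    flagged = []
    for href in parser.hrefs:
        host = urlsplit(href).hostname or ""
        if host and not host_in(host, allowed):
            flagged.append(host)
    return flagged

# Constructed sample body modelled on the email described above.
SAMPLE = """<p>You have a document to sign via DocuSign.</p>
<a href="https://googleapis.com/constructed-path">OPEN DOCUMENT</a>
<a href="https://www.docusign.com/constructed-page">About DocuSign</a>
<a href="https://docusign.com.example.net/login">Sign in</a>"""

if __name__ == "__main__":
    for host in mismatched_links(SAMPLE):
        print("link does not match the named company:", host)
```

A flagged host is a reason to look closer, not proof of phishing; legitimate mail often links through third-party services.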