Phishing Email Example: Voice Message from Unknown Caller (745-894-7559)

This email appeared to be a message from the voicemail system with a voice message attached as a file. The message appeared to come from Unity Messaging System <>, which turns out to be a non-existent Stanford address. The attachment should have been removed by Stanford's newly enhanced screening mechanisms, which remove attachments whose file type makes them likely to be phishing attempts or other malware.

Without the current attachment screening and removal tools, the only clues that this was not a legitimate message would be that the "From" address was not valid (which would not necessarily be easy to determine, but a call to the IT Service Desk would reveal this) and that the "voicemail" file had the extension .zip instead of the normal .wav (again, a subtle detail that many are not aware of).

November 13, 2013

The message itself has very little text, but the following would appear as a way of notifying recipients that the attachment was removed:

Note: The original attachment was automatically removed by Stanford's email
system because it was identified as a file type that is commonly associated
with malicious software. In order to transmit this type of file, please use
an alternate mechanism such as Stanford's Box service.

The attachment name is,
The attachment type is application/zip.
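
The two file-based clues described above (a "voicemail" whose attachment is a .zip rather than a .wav, and a file type commonly associated with malicious software) can be checked mechanically. The following is an added example, not Stanford's screening code: the sample message is constructed, `example.edu` and the file name `VoiceMessage.zip` are placeholders, and the extension list beyond .zip is an assumption.

```python
import os
from email import message_from_string, policy

# Constructed sample, not the real message; example.edu is a placeholder domain.
SAMPLE = """\
From: Unity Messaging System <voicemail@example.edu>
To: user@example.edu
Subject: Voice Message from Unknown Caller (745-894-7559)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

You have a new voice message.
--b1
Content-Type: application/zip; name="VoiceMessage.zip"
Content-Disposition: attachment; filename="VoiceMessage.zip"
Content-Transfer-Encoding: base64

UEsDBA==
--b1--
"""
# Constructed benign counterpart: the same notice carrying a .wav audio part.
LEGIT = SAMPLE.replace("application/zip", "audio/wav").replace(".zip", ".wav")

RISKY_EXT = {".zip", ".exe", ".scr", ".js"}  # assumed list; the page names only .zip
VOICEMAIL_WORDS = ("voice message", "voicemail")

def screen(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    subject = (msg["Subject"] or "").lower()
    claims_voicemail = any(w in subject for w in VOICEMAIL_WORDS)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = os.path.splitext(name)[1].lower()
        ctype = part.get_content_type()
        # Check both the filename and the declared MIME type: either can be forged.
        if ext in RISKY_EXT or ctype == "application/zip":
            findings.append(f"risky attachment type: {name} ({ctype})")
        # A voicemail notice should carry audio: .wav name AND an audio/* type.
        if claims_voicemail and not (ext == ".wav" and ctype.startswith("audio/")):
            findings.append(f"voicemail notice without audio attachment: {name}")
    return findings

if __name__ == "__main__":
    for label, raw in (("sample", SAMPLE), ("legit", LEGIT)):
        print(label, screen(raw) or "clean")
```

The "From" address clue is not covered here, because confirming that an address exists requires a directory lookup rather than inspection of the message alone.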

