Skip to content Skip to site navigation

Phishing Email Example: [unknown]

This message has many cues as to its lack of authenticity.   First and foremost are the many spelling and grammar errors: "You can active your account", "Centeral", "seccussfull", "you will be redirect", "If there was error in login".   You should also be suspicious when there are names for services that either you don't recognize or seem to be used inappropriately, such as "Authcate Account" (there is no such thing at Stanford), "Centeral Authentication System(CAS) Weblogin", "available on the helpsu". 

What is most concerning, and what makes this a phishing attempt rather than just bad spam, is the link in the message purporting to go to accounts. stanford.edu.  The URL behind this text actually points to a host (paperisi.ir) in Iran.  Because you sometimes cannot determine what the link in an email message actually points to, you should never click on an embedded link.  It is generally very safe to copy the text of the link (e.g., accounts.stanford.edu) and paste it into the address bar of your browser, as long as you recognize the domain part of the link (in this case, "stanford.edu").

January 16, 2014

Dear Stanford Student, Faculty, Staff

Your Authcate Account will be inactive in 2 days. Because of some
security problems about login from strange IP addresses we decided to make
some changes (Upgrade) and this is due to the implementation of a new
version of Centeral Authentication System(CAS) Weblogin in new
year(2014).

You can active your account by going to the
CenteralAuthenticationSystem(CAS)
Weblogin and simply login by your SUNet ID to activate your
account.
Then, after seccussfull login click on "Logout" and you will be redirect to [link removed]
and in StatusChecker check your
account state. if your Account Status is Active or not. If
there was error in login, try to activate again.

Please note: If you get an Authentication Error Just try 2 times to
login again, and return to the
https://stanfordyou.stanford.edu/
portal login page and start again. because System will automatically block
your IP and Account and you should contact Support System to
Unclock.

Answers to some frequently asked questions
(FAQs) are available on the helpsu.

Regards,

IT Services
243
Panama Street
Stanford, CA 94305-4102
650-725-4357
support@stanford.edu

Return to fraudulent phishing email examples