Skip to main content

Recent Examples of Phishing

These are some examples of phishing emails seen on campus. Do NOT assume a suspect email is safe, just because it is not listed here. There are many variants of each, and new ones are being sent out each day.

New Messages From Stanford Canvas Team

Canvas Phishing screeshot

Canvas

The Stanford Canvas team posted five new messages on your Canvas dashboard that requires immediate attention.

Login to Canvas

Thanks

Stanford Canvas Team

New message for <user>@stanford.edu

Another phishing email looking for your SUNet password. Never click on links without validating URL.

Dear <user>@stanford.edu,

You have a new messages regarding to your SUNet ID.

View message

Stanford/message/SUNetID -> link to fake login page

© Stanford University

Access locked: Server Error

Phishing emails using a compromised SUNet id. Hovering on the link reveals the malicious URL.

From: Stanford University <compromised@stanford.edu>
Sent: Wednesday, November 20, 2019 8:44 AM
To: user <user@stanford.edu>
Subject: Access locked: Server Error

Due to a server error on your e-mail, (user@stanford.edu) (7) incoming messages were delayed.

Log on to your portal to recover your delayed messages
Recover Delayed Messages
2019 Message Center

from <random phone number>

Attachment that mimics a sound file but it is really a HTML page. Leads to a credential harvesting page.

From: Scott Spain <sspain@oreganos.com>
Sent: Thursday, November 14, 2019 2:42 AM
To: user@stanford.edu
Subject: from (671) 322-3152

Duration - {00:59} secs.
Time - 14-Nov-2019 05:42:15

Urgent Scheduled Meeting

Hovering over the link reveals the true nature of the email. Broken english is another red flag.

From: Stanford University <infoportal@stanford.edu>
Sent: Monday, November 11, 2019 10:01 PM
Subject: Urgent Scheduled Meeting

Hello Member,

There would be an important meeting scheduled for tomorrow.

Kindly click here to view meeting details

Thank You
Stanford University.

Case ID:9354-61 - random numbers after Case ID:

A quick hover over the link reveals the phishing URL.

Senders email address a big red flag.

From: stanford.edu IT Support Note. <emorfaw@sourcingpartner.com>
Sent: Thursday, November 7, 2019 7:50 AM
To: User <user@stanford.edu>
Subject: Case ID:9354-61

Due to a server error on your e-mail, (user@stanford.edu) (7) incoming messages were delayed.

Log on to your portal to recover your delayed messages
Recover Delayed Messages
2019 Message Center