[Phish] Re: Quick Respond

On May 21, members of the University of Toronto (U of T) community received a malicious email that impersonated a well-known division head. The attack attempted to manipulate recipients into purchasing a large quantity of iTunes gift cards.

Fortunately, the attack was thwarted by a sharp-eyed staff member who recognized the classic signs of a phishing email, including a suspicious email address domain and classic elements of social engineering. Can you spot more signs in the exchange that took place?

Email Exchange:


From: [Phisher], <[redacted].utoronto.ca@my.com> 

To: [Recipient], <[redacted]@utoronto.ca> 

Subject: Re: Quick Respond 

 

Available? 


From: [Recipient], <[redacted]@utoronto.ca> 

To: [Phisher], <[redacted].utoronto.ca@my.com> 

Subject: Re: Quick Respond 

 

[The recipient says they are available and offers to meet the sender in their office.] 


From: [Phisher], <[redacted].utoronto.ca@my.com> 

To: [Recipient], <[redacted]@utoronto.ca> 

Subject: Re: Quick Respond 

 

Okay good, I’m in a meeting right now and that’s why i’m contacting you through here. I should have called you, but phone is not allowed to be use during the meeting and I don’t have the idea of when the meeting will be rounding up. So I need you to get a task done for me real quick, is there any store close to you? 


From: [Recipient], <[redacted]@utoronto.ca> 

To: [Phisher], <[redacted].utoronto.ca@my.com> 

Subject: Re: Quick Respond 

 

[The recipient asks the sender to email them the instructions.] 


From: [Phisher], <[redacted].utoronto.ca@my.com> 

To: [Recipient], <[redacted]@utoronto.ca> 

Subject: Re: Quick Respond 

 

Okay good, Here is what you need to do for me real quick. I need iTunes gift cards, can you get some at the store right now? I will reimburse as soon as I’m out with any inconveniences. 
Let me know to advise denomination to purchase. Thanks! 


From: [Recipient], <[redacted]@utoronto.ca> 

To: [Phisher], <[redacted].utoronto.ca@my.com> 

Subject: Re: Quick Respond 

 

[The recipient asks the sender how many cards they would like them to order.] 


From: [Phisher], <[redacted].utoronto.ca@my.com> 

To: [Recipient], <[redacted]@utoronto.ca> 

Subject: Re: Quick Respond 

 

Okay, I need you to get 10 cards for each worth of $100 physical iTunes gift card.Scratch-off the back code and Attach me a clear pictures of all the cards showing the codes to me here, Hope this is clear ?
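
The suspicious sender address in the exchange above places the institution's domain in the local part (`[redacted].utoronto.ca@my.com`), while the mail actually comes from `my.com`. The following check for that pattern is an added example, not part of the original advisory or any U of T tooling. The function names and the sample addresses are constructed for illustration, and the example also covers two closely related variants: the trusted domain in the display name, and the trusted domain embedded in a lookalike sending domain.

```python
from email.utils import parseaddr

TRUSTED_DOMAIN = "utoronto.ca"  # the institution's real domain, as shown on the page


def is_internal(domain, trusted=TRUSTED_DOMAIN):
    """True only if the sending domain is the trusted domain or a subdomain of it."""
    return domain == trusted or domain.endswith("." + trusted)


def classify_sender(from_header, trusted=TRUSTED_DOMAIN):
    """Classify a From header as internal, external, impersonation or unparseable.

    The real sending domain is whatever follows the LAST '@'. Anything before
    it (local part, display name) is free text chosen by the sender.
    """
    display, addr = parseaddr(from_header)
    local, _, domain = addr.rpartition("@")
    domain = domain.lower().rstrip(".")
    if not local or not domain:
        return "unparseable"
    if is_internal(domain, trusted):
        return "internal"
    # External sender that mentions the trusted domain in text it controls.
    if trusted in local.lower() or trusted in display.lower():
        return "impersonation"
    # Lookalike sending domain, e.g. utoronto.ca.example.net
    if trusted in domain:
        return "impersonation"
    return "external"


# Constructed sample headers (not taken from the real incident).
SAMPLES = [
    "Division Head <head.office.utoronto.ca@my.com>",
    "Staff Member <staff.member@utoronto.ca>",
    "Lab Admin <admin@mail.utoronto.ca>",
    '"Division Head utoronto.ca" <head.office@example.org>',
    "Division Head <head@utoronto.ca.example.net>",
    "Newsletter <news@example.org>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):13} {header}")
```

A mail gateway or reporting tool could use the "impersonation" result to add a warning banner or to hold the message for review.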