files.securefileshares.com Open in urlscan Pro
54.83.101.48  Public Scan

URL: https://files.securefileshares.com/dl/5upoh9c386fr4th00umn/dl=0/c4f10e/e6f01505-843b-49f5-8606-06f8becd6206/
Submission: On December 13 via api from US — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content

 1.  
 2.  
    

Welcome to Profile of a Phisher. Click around this interactive profile to learn
about phishing from a cybercriminal’s perspective.

I’ll offer helpful tips along the way so you know how to protect yourself
against malicious emails.

×




 


THIS WAS AN AUTHORIZED PROVIDENCE PHISHING EMAIL SIMULATION TEST.


 

PROVIDENCE CONDUCTS RANDOM PHISHING EMAIL SIMULATION TESTING TO
HELP INCREASE AWARENESS TO RECOGNIZE THE WARNING SIGNS OF A PHISHING EMAIL AND
PROTECT PROVIDENCE CONFIDENTIAL INFORMATION, ITS MISSION AND VALUES AGAINST REAL
PHISHING EMAIL ATTACKS.

 

--------------------------------------------------------------------------------


PROFILE OF A PHISHER FOLLOW

INTERESTED IN LEARNING MORE ABOUT PHISHING?

×
Follow @Cofense on Twitter for the latest phishing trends and examples.
 * 6 posts
 * 666k followers
 * 138 following

Proven strategies to earn quick money through phishing. Sharing my successful
phishing emails. Click my story highlights for my most popular tips.
#spearphishing #socialengineering #hacking #phishing

#SPEARPHISHING

×

Malicious emails designed to trick small groups or individuals into sharing
information or allowing malicious code to run on their device.

 * Uses more sophisticated technology and personalization to evade email filters
 * Generally targets organizations

#SOCIALENGINEERING

×

Using deception to manipulate people into divulging information (like passwords
or confidential data) for fraudulent purposes.

#HACKING

×

Gaining unauthorized access to or control over computer systems for an illicit
purpose.

#PHISHING

×

Malicious emails designed to trick large groups of people into sharing
information or allowing malicious code to run on their device.

 * Appeals to a broad audience

BEC / CEO Fraud

Social Media

Credential Phishing

Ransomware

Mobile Devices

URLs

Brand Impersonation

×


BEC/CEO FRAUD

 1.  
 2.  
 3.  


WIRE FRAUD 101

If you’re interested in making larger amounts of money, BEC (aka wire fraud) is
worth the extra time needed to research and strategize. For BEC scams, pose as
high level executives and ask the target to transfer funds—to your account.


WHAT YOU CAN DO:

Be skeptical of urgent requests that do not follow typical company procedures
and policies.


WIRE FRAUD 101

Target companies who work with foreign suppliers and employees who regularly
perform wire transfers (like accounting or finance).


WHAT YOU CAN DO:

If you receive a wire transfer request, always examine the email for warning
signs of a phish.


WIRE FRAUD 101

Conduct extensive research to make your emails believable. Determine who
initiates wires and who requests them, and try to figure out the company’s
financial processes. Then, wait for the perfect opportunity, like a change in
leadership in the finance department or a CEO traveling overseas. For a higher
chance of success, instruct the target to act quickly or in confidence when
transferring funds.


WHAT YOU CAN DO:

Verify that the email is from the real sender with a quick call if anything
looks off.

  Previous   Next
Close
×


SOCIAL MEDIA

 1.  
 2.  


SOCIAL MEDIA STALKING

For highly personalized phish, research is your best friend. Try to find out
everything you can about your target on social media to increase your likelihood
of success.


WHAT YOU CAN DO:

If someone really wants to attack you or your organization, they will spend
countless hours searching for personal details. Be vigilant about the public
content you post to social media.


SOCIAL MEDIA STALKING

For example, say you see an Instagram story about a morning Starbucks with the
target’s cubicle workspace in the background. Details like computer types, email
clients, and preferred applications can be collected by zooming in, and then
used in the narrative of a malicious email like “Critical MacOS update”, “Shared
Outlook Document”, or even a Starbucks Rewards themed message.


REMEMBER:

Don’t make it easy for the bad guys to find information. Review your privacy
settings and lock down your social media profiles.

  Previous   Next
Close
×


CREDENTIAL PHISHING

 1.  
 2.  


STEALING CREDENTIALS

Pose as a legitimate company and send phishing emails with narratives like
account access suspended, payment transfer complete, or outstanding balance.
Include links to a phishing website imitating a real login page to steal your
victim’s information.


WHAT YOU CAN DO:

Never enter login credentials or other sensitive information into an unverified
website, even if the site looks legitimate. Only navigate to trusted sites by
using bookmarks or by typing the domain in the browser.


STEALING CREDENTIALS

Since so many people reuse passwords, try out the credentials you capture on
other sites to gain access.


REMEMBER:

Use multi-factor authentication (MFA) wherever it is offered. Keep your
usernames, passwords, and secret questions/answers private. Always verify that
you are on an official website before you provide your credentials. Report any
suspicious messages.

  Previous   Next
Close
×


RANSOMWARE

 1.  
 2.  
 3.  


HOLDING THEM HOSTAGE

Ransomware is a type of malware that locks the victim’s computer screen and
prevents them from accessing files until they pay a ransom. It’s the perfect way
to make cash quick.


WHAT YOU CAN DO:

Back up your files regularly on a physical storage device. Secure your backup in
a safe place and disconnect the device from your computer when you aren’t using
it. Ransomware can infect connected network and external drives.


HOLDING THEM HOSTAGE

One of my favorite methods to trick victims into downloading malware is to send
emails with Office attachments that can only be viewed by enabling macros. These
emails make it past secure email gateways because the attachment itself contains
no malware until macros are enabled.


REMEMBER

Never enable macros on suspicious Microsoft Office documents. Enabling macros
can allow a malicious program to download and run malware.


HOLDING THEM HOSTAGE

Enabling macros allows a malicious file to run and download malware. Once the
malware has been downloaded, it can run scripts and programs designed to obtain
files, information, and account data without the victim’s knowledge.


DID YOU KNOW?

Never reuse passwords. Use a unique password for each site, using a combination
of letters, numbers, and special characters.

  Previous   Next
Close
×


MOBILE DEVICES

 1.  
 2.  


SMISHING

Try sending phishing links via SMS text message instead of email.


WHAT YOU CAN DO:

Use a Virtual Private Network (VPN)

Be wary of connecting to public wireless networks. If your only option is to
connect to an unsecured network, use a trustworthy VPN to send and receive
information securely.


SMISHING

A common tactic is to ask the target to reply or click a link to confirm
enrollment in a newsletter or program, or to unsubscribe from text message
alerts.


REMEMBER

Phones are lost and stolen all the time, and without a way to wipe data remotely
if your device is stolen, data can be easily extracted. Set up "Find my Phone"
and "Remote Wipe" apps ahead of time to locate a lost device or restore your
phone to factory settings in case it cannot be found.


DID YOU KNOW?

You're just as vulnerable on a mobile device as on a desktop computer to receive
malicious emails.

  Previous   Next
Close
×


URLS

 1.  
 2.  


MAKE YOUR PHISHING WEBSITES LOOK LEGIT

Purchase a copycat domain that resembles a well known brand's domain.


QUICK TIPS

Examine the domain name. Don't be misled by sites claiming to be popular brands
but have a slightly different URL.


REMEMBER

Also, consider the context. Did you receive a work-related email in your
personal inbox, or vice versa? Does anything seem strange? How about the
spelling and grammar?


MAKE YOUR PHISHING WEBSITES LOOK LEGIT

For instance, if a company owns example.com, you could purchase example.red


DID YOU KNOW?

How to check where a link goes without clicking:

Desktop (Mac/Windows): Hover your cursor over the link to view the URL.

Mobile Devices (Android, iOS, Windows): Touch and hold the link until a pop-up
menu appears.

  Previous   Next
Close
×


BRAND IMPERSONATION

 1.  
 2.  


IMITATING BRANDS

Impersonating familiar brands is a popular method to trick targets into handing
over login credentials, credit card numbers, and other private information.


WHAT YOU CAN DO:

Look out for old logos, broken images, and stretched or fuzzy images. If the
layout or images look strange, you might have landed at a poor copy of a real
site. Remember, just because a site uses HTTPS or has a green padlock, it
doesn’t guarantee the site is safe.


IMITATING BRANDS

Buy domains similar to popular sites, so if someone mistypes a popular website,
they will land on your phishing website. It’s also easy to obtain free SSL
certificates to give your phishing websites an air of legitimacy.


REMEMBER

Also, consider the context. Did you receive a work-related email in your
personal inbox, or vice versa? Does anything seem strange? How about the
spelling and grammar?

  Previous   Next
Close
 

From: connections@linkedin.com

Subject: You have a new connection request from Jessica Gomez!


 

From: docusign@securefileshares.com

Subject: You got an invoice from DocuSign Electronic Signature Service


 

From: support@onedrive.com

Subject: File "Bonus 2021.xls" Has Been Uploaded To OneDrive


 

From: security@google.com

Subject: Someone has your password


 

From: deliveries@fedex.com

Subject: Urgent Message FedEx !!


 

From: billing@amazon.com

Subject: We have placed a hold on your Amazon account and all pending orders.



PHISHING SCAMS

×
 1.  
 2.  
 3.  
 4.  
 5.  
 6.  


LINKEDIN PHISHING SCAMS

Hover over the indicators to see the warning signs in this real phishing email

 

From: connections@linkedin.com

Subject: You have a new connection request from Jessica Gomez!

Hi Linkedin user,

It was nice to meet you last week. I'd like to connect with you on LinkedIn.

- Jessica

Jessica Gomez
Managing Director at RHPW Consulting
2 shared connections

Accept
View Profile


PROFILE OF A PHISHER

Create enticing social networking profiles and pose as fake recruiters. Try out
believable narratives like confirming a new connection request or sharing an
exciting new job opportunity with a huge signing bonus.


QUICK TIPS

Only accept connection requests from people you know. Once someone is part of
your networks, they can see information like your email address and interests.

Then, they could send you a personalized message with a malicious link.


DOCUSIGN PHISHING SCAMS

Hover over the indicators to see the warning signs in this real phishing email

 

From: docusign@securefileshares.com

Subject: You got an invoice from DocuSign Electronic Signature Service

Review and pay the document

View Invoice

Dear Recipient,

Please review this urgent invoice.
This is an electronically created invoice notification


PROFILE OF A PHISHER

DocuSign is one of my personal favorites since people get so many DocuSign
requests like invoices, mortgage docs, or contracts. You can keep it generic to
save time, but if you really want to improve your success rate… Add details like
the person’s name, company name, or department. Say it’s urgent too, and they’ll
be eating out of the palm of your hand.


QUICK TIPS

If your job responsibilities include reviewing invoices or signing off on any
documents, scrutinize these types of emails for warning signs of a phish. Follow
company policies, and verify with the sender by phone call or chat if you have
any concerns.


DID YOU KNOW?

DocuSign email requests to sign a document never contain attachments. DocuSign
will never ask you to open a PDF, office document, or zip file in an email.

Access your documents directly from https://www.docusign.com by entering the
unique security code, which is included at the bottom of every DocuSign email.
Don’t click links in suspicious emails.


MICROSOFT ONEDRIVE PHISHING SCAMS

Hover over the indicators to see the warning signs in this real phishing email

 

From: support@onedrive.com

Subject: File "Bonus 2021.xls" Has Been Uploaded To OneDrive

This links works for everyone in our organization.

Bonus 2021

To Open

Microst respects your privacy. Read our Privacy Statement
for more information. Microsoft Corporation, One Miscrosoft Way, Redmond, WA
98052.


PROFILE OF A PHISHER

Who doesn’t love a bonus? So many organizations share files using Microsoft
OneDrive, so this one is a pretty safe bet. However, if you’re not sure, dig
around Instagram under Places to see what has been tagged at the target
company’s offices or search for #companyname. Guaranteed some “influencer” has
tagged their #mealprepped lunch with their monitor in the background. Zoom in to
see if their company uses Microsoft products—then you’ll know that this
narrative is a home run.


QUICK TIPS

Be wary of emails with reward narratives like bonuses or pay raises. If
something is too good to be true, it likely is. Reach out to HR or Payroll, or
log in to your internal system to check if the good news is true before rushing
to click an email link or open an attachment.


GOOGLE ACCOUNT SECURITY ALERT PHISHING SCAMS

Hover over the indicators to see the warning signs in this real phishing email

 

From: security@google.com

Subject: Someone has your password


SOMEONE HAS YOUR PASSWORD.

Hi ,

Someone just used your password to try to sign in to your account.

Details:

IP Address: 198.51.100.1
Location: Ukraine

We have stopped this sign-in attempt. You should change your password
immediately.

Change Password

Best,
Account Services Team


PROFILE OF A PHISHER

Fear is one of my favorite motivators, since it just works so beautifully. The
sheer terror of someone gaining account access is often enough to rush them into
action to fix the problem. Throw in a Google logo and add a suspicious location
like Ukraine to add the final nail in the coffin.

This one makes a great credential phish too. Add a fake login page to grab their
credentials. Since so many people reuse passwords, try that password out to gain
access to other systems.


QUICK TIPS

Receive a threatening email that someone has access to your account? Take a deep
breath and remember that this narrative is common, and you likely have nothing
to worry about. Phishers will try to catch you off guard by appealing to strong
emotions. Contact the support department if you have concerns about an account
takeover instead of rushing into action. Never enter credentials into a
suspicious website.


DID YOU KNOW?

You can strengthen the security of your account by setting up multi-factor
authentication (MFA) wherever it is offered. MFA is an added layer of security.
After entering your password, you must use a second method to verify your
identity. Examples include entering a unique code sent to your email address or
mobile device or using biometric indicators such as a thumbprint


FEDEX PACKAGE DELIVERY PHISHING SCAMS

Hover over the indicators to see the warning signs in this real phishing email

 

From: deliveries@fedex.com

Subject: Urgent Message FedEx !!


FEDEX

Hi Customer

On May 30, 2021

Delivery Problems Notification.

A courier agent was at your listed address to deliver a parcel to you but could
not find you.

Thus, we are unable to deliver the package to you.

Kindly update your current address below for us to be able to reach you
tomorrow.

[Update Address]

© FedEx 1995 - 2021 | Global Home | Terms of Use | Security and Policy


PROFILE OF A PHISHER

This one is perfect for office administrators since they are responsible for
sending and distributing packages. Personalize it with their name, company name,
or department. If you can find any of the company’s vendors—look on social media
since organizations often post about their #partnerships—add that in to increase
the believability.


QUICK TIPS

Be on the lookout for “package delivery” scams, especially around popular online
shopping holidays. Use your personal email for purchases instead of your
business email.

If you are responsible for sending and receiving packages on behalf of your
organization, be extra cautious of these emails. Verify with the shipping
provider instead of interacting with an email.


DID YOU KNOW?

Popular shipping narratives include delivery notification, fraudulent parcel,
confirm shipping address, and delivery failure.


AMAZON ORDER ISSUE PHISHING SCAMS

Hover over the indicators to see the warning signs in this real phishing email

 

From: billing@amazon.com

Subject: We have placed a hold on your Amazon account and all pending orders.

Account Security

--------------------------------------------------------------------------------

Greetings from Amazon

We have placed a hold on your Amazon account and all pending orders.

We tool this action the billing information you provided did not match the
information on file with the card issuer.

To resolve this issue, please verify now with the billing name, address, and
telephone numbr registered to your payment card. If you have recently moved, may
need to update this information with the card issuer.

Verify Now

If we are unable to complete the verification process within 3 day, all pending
prders will be cancelled. You will not be able to access your account until this
process has been completed.

We ask that you not open new accounts as any new order you place may be delayed.

We appreciate your patience with our security measures.
Thank you for your concern.

Sincerely,

Amazon Service Team


PROFILE OF A PHISHER

People place so many Amazon orders and they are always replacing their credit
cards. They will rush to update their billing information if they see this email
to get their next order without thinking twice.


QUICK TIPS

Keep track of your Amazon orders so you don’t fall for a phony email. Check your
Amazon account by navigating to amazon.com through your browser or bookmarks
instead of clicking a link.

  Previous   Next
Close

 

Remember, you are the last line of defense against phishing. If you receive a
suspicious email, immediately report it using the Microsoft Report Message tool.

Legal Disclaimer
All third-party trademarks referenced by Cofense whether in logo form, name form
or product form, or otherwise, remain the property of their respective holders,
and use of these trademarks in no way indicates any relationship between Cofense
and the holders of the trademarks.