Examples of Phishing e-mails

More information about phishing and other dangerous e-mails you can found here.


Be careful with QR codes

2023-08-25

Fraudulent phishing that looks like an email from the university’s IT support with information about the introduction of multi-factor authentication and invites you to photograph the QR code with your mobile phone.

This is a trick. When you photograph the QR code with your mobile phone, the fraudulent form is downloaded to your mobile phone and displayed on it. On your mobile phone the anti-virus program is not running and probably isn’t even connected to the Internet via the university network, so the attacker can bypass our protection.

QR codes are commonly used and we see them on electricity bills, on information signs in the park and so on. In this case, however, you should note:

Fraudelent mail:

phishing mail

Fraudulent page with the form:

phishing form


Document only after login

2022-11-08

There is nothing wrong with sending an e-mail link to a document in the cloud, which you can only access after login, and we will be seeing more and more of it. But it is also a common trick of fraudsters - so be careful not to fall for phishing! Always check if the page with the login form is trustworthy - especially if the URL of the page is the domain of the organization whose password you should fill in. In this case, the domain of Charles University cuni.cz.

Suspicious:

Fraudulent mail:

phishing mail

Fraudulent page with the form:

phishing form


Phishing form with university website background

2022-11-07

Lately, phishing forms have an up-to-date organization website in the background. They try to give the user the impression that they have reached their home site and just have to log in to get information that is not public.

The phishing form page is actually elsewhere (see the URL of the page in the top row of the browser). Cleverly pulls a domain from her email and automatically downloads the page on that domain and adds it as a background. If you look closely at the URL of the page, you will find your email at the end. You can try to put another organization’s domain in it yourself.

Suspicious:

Phishing form scam page:

phishing mail


Phishing from @o365.cuni.cz address

2022-02-07

Fraudulent phishing e-mail, credited with the address of the sender with the domain o365.cuni.cz. Unfortunately, the owner of the account received a similar e-mail, succumbed to it and the attacker is now sending more phishing e-mails within the university from his account.

Suspicious:

E-mail:

phishing mail


Letter from secretary

2020-10-08

There is no link in this phishing e-mail, but html type attachment with phishing form. And one more bluff – the sender name is “sekretarka@cuni.cz”.

E-mail:

phishing mail


WHO

2020-03-31

It’s exploiting interest in coronavirus information. It looks like an email from the WHO and promises a document with up-to-date information.

E-mail:

phishing mail

Web page with form.

Attention – page is not on WHO domain!

podvodna stranka