Skip to McMaster Navigation Skip to Site Navigation Skip to main content
McMaster logo

Office of the AVP & CTO

INFORMATION TECHNOLOGY SECURITY

Phishing Email: (ACTION REQUIRED) For {Name}

Description of Phishing Email

This example shown below is a typical phishing email pretending to be from Microsoft, notifying the recipient that their account password is about to expire. The email urges the recipient to click on a link or copy a URL to update their password. However, the provided link leads to a fake website designed to steal login credentials. Always be cautious and verify the authenticity of such emails by directly visiting the official website rather than clicking on the provided links.

Screenshot of Phishing email:

Text of the Email :

Microsoft

Password Expiration Notice

The password for you email account is to be expired today. We reconmmend that you use the below to keep access to your account just to avoid login interruption.

Keep My Password

You can also opt out or change where you receive security notifications.

Thanks

This e-mail is covered by the {Name} and is legally privileged. This information is confidential information, and is intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering this electronic message to the intended recipient, you are notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, please notify us immediately by reply e-mail or by contacting us at {Number} and destroy the original transmission and its attachments without reading them or saving them to disk or otherwise.

 

This e-mail is intended solely for the person or entity to which it is addressed and may contain confidential and/or privileged information. Any review, dissemination, copying, printing or other use of this e-mail by persons or entities other than the addressee is prohibited. If you have received this e-mail in error, please contact the sender immediately and delete the material from any computer.

 

 

 

How to protect yourself?

  • Hover Before Clicking: Always hover your cursor over links to see the URL before clicking. Ensure the domain matches the expected source and looks legitimate.
  • Check for Typos and Errors: Phishing emails often contain spelling errors, grammar mistakes, and odd phrasing. Be suspicious if an email looks unprofessional.
  • Examine the Sender’s Email: Inspect the sender’s email address carefully. Phishing emails often use addresses that closely resemble legitimate ones but may have slight differences.
  • Don’t Share Personal Information: Never provide personal information like passwords, banking details, or identification numbers through email.
  • Be Skeptical of Urgent Requests: Phishing emails often try to create a sense of urgency. Double-check with the supposed sender using a separate, verified contact method.

Important Notes:

  • Please do not share your password with anyone.
  • Microsoft will never ask for your password via email.
  • Ensure you are on a secure connection when updating your password.
 Phish Bowl