Spear phishing email scam: Available???

Phishing Email Breakdown 

This email attempts to create a sense of urgency by asking if the recipient is “Available??” and includes specific office and department details to appear personalized. It also uses the name of the recipient’s manager as the “From” address, but the email is sent from a Gmail account pretending to be the manager. The goal is to trick the recipient into replying to the email.

This is a sophisticated form of phishing known as spear phishing. Scammers send highly targeted messages, pretending to be your colleagues, to steal your credentials or install malware on your device.

Visual Example of the Phishing Email 

Full Text from the Phishing Attempt 

Available?? 

{position, department}
{office} 

How to Protect Yourself? 

1. Verify the Sender: Always verify the identity of individuals claiming to be someone important, especially if the message seems out of the ordinary and asks for personal information. 
2. Review Grammar and Punctuation Carefully: If a message is filled with spelling mistakes, inconsistent sentence structure, or odd phrasing, it may indicate a phishing attempt. 
3. Be Mindful of Generic Greetings: Phishing emails commonly start messages with “Dear User” or “Dear Sir/Madam” rather than using your real name. Legitimate messages typically include your actual name or specific account details. 

Important Notes: 

1. Report Suspicious Messages: Reporting phishing attempts helps prevent others from falling victim to these attacks. Send suspicious messages to is-spam@mcmaster.ca for review and investigation. 
2. Educate Yourself: Learn about common phishing tactics. Consider participating in the Information Security Training Program to protect against cyber threats and secure your digital world.