Phishing Email Scam: Password Expiry Notice

Phishing Email Breakdown 

This email attempts to create a false sense of urgency by claiming the recipient’s password will expire soon and requires immediate verification to avoid service interruption. It urges the recipient to follow a link to “keep default password settings,” which leads to a fake Microsoft login page designed to steal login credentials. 

Visual Example of the Phishing Email 

Full Text of the Phishing Attempt 

Hello {McMaster email address} 

Password to your email account {McMaster email address} expires today at 12:00AM. 

To avoid Service interuption, your verification is required accordingly. 

To keep default Password settings, follow or copy and paste this link to browser: 

{fake Microsoft login portal} 

Support Mcmaster 

How to Protect Yourself? 

1. Avoid Clicking on Suspicious Links: Hover over or copy the link to view the complete domain name. Scammers often create URLs that resemble authentic ones by inserting subtle misspellings or extra characters. If the link looks suspicious, it’s safer to visit the official website directly or use a reputable search engine to find the correct webpage. 
2. Review Grammar and Punctuation Carefully: If a message is filled with spelling mistakes, inconsistent sentence structure, or odd phrasing, it may indicate a phishing attempt. 
3. Watch Out for Emotional Triggers: Phishing emails often use fear, sympathy, or urgency (e.g., “Your account will be closed immediately!”) to push users into acting without thinking. Pause, reevaluate the request, and confirm its legitimacy before responding. 
4. Check Branding, Formatting, and Logos Carefully: Phishing emails may imitate official layouts or use low-quality, off-colour logos. Verify that logos, colours, and the overall format matches what you typically see from the genuine organization. 

Important Notes: 

1. Report Suspicious Messages: Reporting phishing attempts helps prevent others from falling victim to these attacks. Send suspicious messages to is-spam@mcmaster.ca for review and investigation. 
2. Educate Yourself: Learn about common phishing tactics. Consider participating in the Information Security Training Program to protect against cyber threats and secure your digital world.