Carnegie Mellon University
This page features real-world phishing threats that were received from members within our community. Review the examples of phishing and notice the phishing indicators of each message.

From: Arthur Mackenzie <>
Tepper School of Business Enrollment Office
Candidate Recommendation for Enrollment

Good Afternoon,

My name is Dr. Arthur Mackenzie, I am a professor of business administration in the Business, Government, and International Economy Unit at Harvard Business School.

During the 2018-2019 academic year I had the privilege of having Ralph Johnson as my Teaching Assistant. Mr. Johnson exceeded all expectations in his job duties for me and it was a pleasure getting to know him. I was recently informed that Mr. Johnson has applied to Carnegie Mellon's Tepper School of Business.

Please consider this message my official endorsement of Mr. Johnson for enrollment into your business program. I believe he would be an asset to any organization. I am attaching the candidate's CV to this message.

If you have any further questions regarding my recommendation, please let me know.


Arthur Mackenzie, PhD
Harvard School of Business

1. The message is being sent from a personal email account instead of a professional account.

2. The message is unexpected and contains a suspicious attachment.

From: Farnam Jahanian <>
VP of Finance
New Request

Hi Susan,

I hope you are well. I know you're the one who can certainly help me out with this. I need a wire transfer to be processed as soon as possible.

I appreciate your help,

Farnam Jahanian,
Carnegie Mellon University

1. Creates a sense of trust by using the intended victim's first name.

2. Message creates a sense of urgency "wire transfer to be processed as soon as possible."

3. Manipulated the victim's emotions by stating she "certainly" can handle this request.

4. The email address is coming from a non-university email address domain.

From: Carnegie Mellon University <>
Wednesday, October 31, 2018 8:26 AM
Blackboard Notification

You have received a new message to you via Blackboard System.

Carnegie Mellon University

  1.  Display name doesn't match the email address nor the email domain.
  2. Phony URL to a generic site.
  3. Spelling error "messge"
  4. The official signature block is not consistent with University emails. 

From: Microsoft Support <>
Tuesday, February 26, 2019 10:12 PM
IT Information

mailbox almost full
Your Mailbox is Full, You Will Not Be Able To Send Any Other Mails, CLICK HERE To Verify Account

  1. The email domain "" does not match the email name "Microsoft Support".
  2. Grammar error: "Send Any Other Mails".
  3. The message conveys of sense of urgency "You Will Not Be Able To Send Any Other Mails".
  4. The "CLICK HERE" URL sends users to a spoofed Microsoft Outlook sign-in page where the user is prompted to enter Username and Password.

From: Jane Doe <>
Monday, November 4, 2019 11:48 AM
Subject: Fw: CMU Employee Engagement Survey 2019 (November 4) ***PLEASE READ*
Importance: High
This message was sent securely using Zix
From: Farnam Jahanian 
Monday, November 4
To: All Employees

Subject:CMU Employee Engagement Survey 2019 (November 4) 
Carnegie Mellon University
Dear CMU Staffs,
You are cordially invited to participate in the 2019 Employee Engagement Survey. We have once again partnered with the consulting firm to administer the survey. It will only take about 5 minutes to complete. 
Click Here to Take the Survey
When completing the survey, please express your opinions frankly as the survey is confidential. Please complete your survey no later than tomorrow November 5, 2019. Your participation in the survey is encouraged and greatly appreciated. Thank you in advance.

Farnam Jahanian
Carnegie Mellon University (CMU)

  1. Compromised account from another university, created fake sender information below with an image to look secure "This message was sent securely using Zix".
  2. The subject conveys a sense of urgency "PLEASE READ", as well as the due date being one day after the email was sent.
  3. Grammatically incorrect greeting "Dear CMU Staffs" and grammar "It will only take about five minutes".
  4. Ambiguous sentence "We have once again partnerered with the consulting firm".
  5. The URL redirects users to a PDF reader download page titled "important doc.pdf" which contained malware.

From: University 
Thursday, September 12, 2019 7:23AM
Subject:Your Password will expire in 1 day(s)
Dear network user,
This email is meant to inform you that the password on your account will expire in 24 hours.

Please follow the link below to update your password.
Thank you,
Network Security Team

  1. The sender is a generic "University".
  2. The subject creates a sense of urgency alerting the password will expire in 1 day.
  3. The greeting is generic and not addressed to a specific person "Dear network user".
  4. The link redirects to a phony log in screen where the user is instructed to enter account credentials.