January 11, 2021
Spear Phishing Attack Targets CMU
On Saturday, January 9th the Carnegie Mellon University community was the target of a highly sophisticated spear phishing attack. The message appeared to be sent from firstname.lastname@example.org with the subject message “ID 449189 – Account Irregular Activity Detected – “.
Spear phishing is a personalized phishing attack targeting a group of people. Attackers may disguise themselves as real organizations and include recognizable content within the message in order to make the phishing attack appear more legitimate.
This particular spear phishing attack contained a spoofed email address which portrayed the message as being sent from a legitimate university department. The message also utilized phishing tactics such as conveying a sense of urgency through threatening and pressing language, as well as included a call-to-action by directing recipients to “verify account information” including AndrewID passwords.
If users were to analyze the email headers, they would have noticed that the ‘reply-to’ for the email was being sent to a non-university email address. Luckily, the majority of CMU members who received the phish were able to identify the message as a phishing attempt and reported it to email@example.com or through the report phish button - PhishAlarm.
Continue reading below to view the phishing message and email headers.
Spear Phishing Campaign
Subject: ID 449189 - Account Irregular Activity Detected --
To learn more about real-world phishing attacks at Carnegie Mellon University visit the ISO's Phish Bowl.