New message
September 5, 2018
Activate 2-factor authentication.
October 17, 2018
Return to the Phish Tank
Date Sent: Monday, October 15, 2018 at 9:47 AM
Subject: Service ID: D203ZFVAHD7609
Sender:"Swanbon, Gloria" gswanbon@necc.mass.edu
Hi,

This email requests that you respond to an survey regarding online course evaluations. The names of the corresponding instructor and course are located at the top of the evaluation. Follow the link to open the course evaluation.

=========================
Service ID: D203ZFVAHD7609
=========================
http://necc.mass.edu/faculty/course.php?id=D203ZFVAHD7609

Thank you for your participation.

Regards,
NECC staff Instructor
---------------------------------------------------
Note: This email has been created automatically.

What's wrong with this email?

1. This email came from a compromised internal NECC account. So while the email may look like it's from a genuine source, it is in fact a fraudulent phishing attempt.

2. NECC Course Evaluations are handled by a third party system, EvalKit, Course Evaluations would never be stored on our public facing website that is freely available to the public.

3. If you hover (place your mouse pointer, but don't click) over the "http://necc.mass.edu/faculty/course.php?id=D203ZFVAHD7609" text, you'll see that the link they want you to click on will be taking you to https://tinyurl.com/yap3jws6. This link is a little bit more tricky than the others as it uses a "url shortener" to mask the actual destination of the URL. Unshortening the url, you will see that it is really bringing you to this url: https://davilasemijoias.com/wp-includes/necc.mass.edu/ - and you can clearly see this has nothing to do with NECC or Course Evaluations. Again, just because it has "necc.mass.edu" in the domain somewhere, doesn't make it a real NECC domain.
Tweet
Share
Pin
Share
0 Shares
Christopher
Christopher
X