Phishing simulation of the month: February 2024

March 6, 2024

The Information Security and Data Privacy (ISDP) office sends monthly simulated phishing emails to Central Administration and FAS employees. This program provides members of the community with experience identifying and reporting phishing emails in a safe environment, in addition to gathering valuable metrics to help improve our security services. These simulated emails are based on real phishing attempts seen at the University.

After each email is sent, we’ll break down the key characteristics of the phishing attempt so that you know what to look for in the future. February’s simulated phish was an email falsely purporting to come from the online travel vendor booking.com, with a tall tale about a hotel guest who needed your assistance to retrieve belongings left behind.

Image of a simulated phishing email claiming to come from booking.com asking for you to click a link to keep your account active.

What you were asked to do:

The email claimed to come from booking.com and said that they were reaching out to you on behalf of a guest who stayed at “your property”. The email said that the guest had left belongings behind and was struggling to reach a representative from the hotel, before asking you to click on the link in the email to keep “your property’s” account active.

What to watch for:

The following clues revealed that something was phishy about this email:

  • Unusual salutation and sign-off: The email was addressed to you generically rather than by name, and the sign-off was from “The Booking”, which was probably supposed to read “The Booking Team”.
  • Not your role: The sender treated you as someone in hotel management. We don’t know about all of you, but that is certainly not part of our roles here at Harvard!
  • Bad link: Hovering over the link (on a phone, press and hold it rather than tapping) would reveal that it did not lead to a page on booking.com, but to another website altogether.
  • Sender’s email is suspicious: The sender’s email address does not match what you’d expect from booking.com. Instead, it came from booking-info.net, a look-alike domain that has nothing to do with the real company.
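The last two clues, a sender domain and link destinations that do not belong to the company the message claims to be from, are the ones a help desk or security team can check mechanically when a phish is reported. The script below is an added example written for this post, not something the ISDP office distributes: it parses a raw email, pulls the domain out of the From header and the host out of every link in the HTML body, and flags anything that is not booking.com or a subdomain of it. The sample message is constructed to resemble the simulation described above; the display name, recipient, and the link host account-verify.example.net are illustrative assumptions, not details from the real email. It also goes slightly beyond the post by treating a legitimate subdomain (such as mail.booking.com) as acceptable while still catching look-alikes such as booking.com.evil.example.

```python
# Added example (not part of the ISDP post): triage a reported phish by
# checking the sender domain and every link destination against the domain
# the message claims to come from.
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the February simulation. The display name,
# recipient and link host are assumptions for illustration; booking-info.net
# is the sender domain the post describes.
SAMPLE_EML = """\
From: "Booking.com Partner Support" <partners@booking-info.net>
To: you@example.edu
Subject: A guest left belongings at your property
Content-Type: text/html; charset=utf-8

<html><body>
<p>Dear Partner,</p>
<p>A guest who stayed at your property left belongings behind and has been
unable to reach a representative of the hotel.</p>
<p><a href="https://account-verify.example.net/booking/keep-active">Keep your property's account active</a></p>
<p>The Booking</p>
</body></html>
"""


class LinkExtractor(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)


def same_org(host, expected):
    """True if host is exactly expected or a subdomain of it.

    booking.com and mail.booking.com pass; booking-info.net and
    booking.com.evil.example do not, because the comparison is anchored
    at the right-hand end of the name.
    """
    host = host.lower().rstrip(".")
    return host == expected or host.endswith("." + expected)


def sender_domain(msg):
    """Domain of the address in the From header (empty if unparseable)."""
    _, addr = parseaddr(str(msg["From"]))
    return addr.rpartition("@")[2].lower()


def triage(raw_eml, expected_domain):
    """Return a list of human-readable findings; an empty list means no mismatch."""
    msg = message_from_string(raw_eml, policy=policy.default)
    findings = []

    sdom = sender_domain(msg)
    if not same_org(sdom, expected_domain):
        findings.append(f"sender domain {sdom!r} is not {expected_domain!r}")

    # Only the HTML part carries clickable links; a text-only message yields none.
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        parser = LinkExtractor()
        parser.feed(body.get_content())
        for href in parser.hrefs:
            host = urlparse(href).hostname or ""
            if not same_org(host, expected_domain):
                findings.append(
                    f"link {href!r} points to {host!r}, not {expected_domain!r}"
                )
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EML, "booking.com"):
        print("FLAG:", finding)
```

The check is deliberately narrow: it answers only "does this message's plumbing match the brand it claims?", which is exactly what hovering over the link and reading the sender address tell a person. It does not try to judge the story in the email, and a phish sent from a compromised real booking.com account would pass it, so treat a clean result as one missing clue rather than a verdict.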

Want more information on phishing?

Visit our website to learn more about phishing, what to watch for, and how to report a suspected phish.