This morning we received a phish trying to lure students for a paid part-time job. What makes this email a phish? Let’s see:
- The phisher claims the email is from UNESCO but the email domain of the sender is not unesco.org.
- Too good to be true offer! Trying to attract recipients with a lucrative offer, good old social engineering trick to reply to the phisher.
- The phisher wants the recipients to contact with an alternate email address. Warning bells!! Why do they want that? To evade the University network security.
- Email signature is too vague.
The pdf attachment further contains language to trick individuals into replying to the phisher, such as, no need for an interview, if you do a good job they will consider you for a long-term position.
Never reply to emails which try to lure you with too good to be true offers or states an urgent situation. Take your time to think, and then react if need be.
Never open attachments in emails which you were not expecting. This attachment was viewed by Information Security Office in a safe environment.