Two days ago, when I was working in the laboratory for group meetings, I was attracted by an email I just received. Of course, everyone can understand that when people are working in group PPT, they are often attracted by everything else [dog head]
This email was sent to my @mails.tsinghua.edu.cn email . I basically use this email address to receive academic notifications, such as notifying me to participate in the academic festival in the department, the school has opened the application for postponement, a young lady has fanned my researchgate, etc...
This email is from admin, the title is "Abnormal Behavior Login Warning" , and the monitoring of the Internet Shield system found that your Tsinghua account is abnormally logged in overseas, and may have been stolen. Please change your password as soon as possible!
Seeing this, I couldn't help but fall into deep thought... A person who wants to steal my account, I can understand you steal my bank card, but it is reasonable to steal my Alipay. The question is what can you do if you steal my Tsinghua account? Do you want to help me register for school entrance and exit, or check my transcript, or do you want to help me pay the party dues?
Just when I suspected that this was a scam email, a buddy in the lab suddenly said that he also received the same email! Then this is obviously a scam email! We both looked at each other and smiled, and the whole laboratory was filled with joy.
Once the scam is accepted, the doubts about this email will be even more. For example, we only saw that the email address was not [email protected] at all, but [email protected]! It’s not “Tsinghua” , but “squeezing you” !
But to be fair, the text of this scam email is relatively excellent. The format is neat, the narrative is clear, the tone is sincere and strong, and the use of exclamation mark is just right.
This aroused my strong curiosity: What is the scam link in the email? Click on the meeting?
didn't think much about it, I decisively clicked on the link! The result actually showed the standard login interface of our school. This liar did his homework! But the address bar is still dazzling.
Just as I calmly analyzed it, I said it soon, and the web page suddenly became the following one! The title is "2021 Fishing Email Drill: Lottery Instructions".
The first paragraph of the text says: "This is a phishing email drill carried out by the school. We unfortunately notified you that you failed to identify the phishing email in the first time in this drill, so we came to this page."
So, this is actually a phishing email sent by the school!
is to test how many students will click in and then give him an anti-fraud warning [rolling your eyes]
This information is quite thoughtful [rolling your eyes]
After learning the truth, the brothers in the laboratory were extremely excited and opened their emails to check the emails. Some brothers received it, so they quickly clicked on the phishing link and entered their account and passwords to see what would happen. Some brothers did not receive it, and were ridiculed by everyone for even receiving a fraudulent email was excluded by the school. The whole laboratory is filled with joyful air.
The next day, the school sent "2021 Phishing Email Drill Progress Notice" . Data shows that 8933 people in the school opened emails, 3165 people clicked on the link, and 397 people tried to upload their personal passwords.
The brothers in the laboratory hugged each other and cried after seeing this email, congratulating each other on the 397 people we are among those 397 people! We survived to the last round! Only 4% of the school have unlocked this achievement!
The atmosphere of the entire laboratory reached a climax. I don’t know if this scene was the path the principal once conceived.
The next day, I received another email titled "Invite You to Participate in Extracurricular Activities Experience Survey". There is another link this time, but the sender's email is still "Squeeze you" .
But all the schools have fished, is it appropriate for me to take the bait? [Dog Head]
So I took a little hand and this time the link jumped to the login interface of the email.
Just as I was about to give it a try, the web page jumped again! The title is "Instructions for the 2021 Fishing Email Drill to Open the "Award" (Continued)". There are 5 bright words written on it: Why is it you again in !
The school said: "In the phishing email drill from December 1st to 2nd, because you clicked the phishing link in the body of the drill email (and there is also "Curious Baby" trying to fill in the account password), it was included in the second round of drill. , so coincidental! Why are you here again this time..."
In short, the school is still quite strong! With one operation, every student realizes that in , you must develop the awareness of identifying phishing emails! If you get hit, it may cause personal account information and important data to be lost, and may also pose a threat to the surrounding network environment!
Specifically:
(1) Look at the sender's email address. If there is a spelling error, it is definitely a scammer;
(2) Look at the main text, don't click on the main text content if you think it is strange;
(3) If there is a link in the text, put the mouse on the link. If another URL is displayed, or if you jump to ask you to enter your account and password, you may also be a scammer! When you are like
, you either ignore it or report it directly!
Postscript
Just now I suddenly received such an email again.
Seeing a link in the email text, I don’t care who the sender is, and it’s a report on the spot!
Why do you guys say I did it right?[dog head]
