Anatomy of a Phish: August 2024 Phishing Simulation

Test Inspiration:
The phishing email for this test was crafted to resemble an official communication from Delta Airlines, leveraging the recent disruptions caused by the CrowdStrike outage on July 19, which impacted Delta’s flight operations. Delta had publicly announced efforts to make things right for affected customers, including offering travel waivers and vouchers.

Fake Delta travel waiver phishing email used in August’s test.

Phishing Email Context:
Our phishing test mimicked this scenario by informing recipients of a supposed “travel waiver” issued due to these disruptions. The email claimed that customers could manage their travel changes through Delta’s website or app, with a waiver on fare differences for rebooked flights before July 24. Recipients were urged to click on a link labeled “Claim Travel Waiver” to manage their itineraries, making it appear as a legitimate and time-sensitive request.

This phishing email was designed with high authenticity, using Delta’s branding and mimicking the tone and structure of official airline communications. However, the link led to a fraudulent website designed to harvest login credentials or other sensitive information from unsuspecting users.

Key Findings & Recommendations:

Email Authenticity and Content: Always scrutinize the content of unexpected emails, especially those requesting urgent actions. While this email used realistic airline information, phishing emails often contain subtle inaccuracies or anomalies in the details.

Suspicious Links: Before clicking on any link, hover over it to inspect the actual destination URL. Phishing emails may use URLs that appear legitimate at first glance but redirect to malicious sites. In this case, the “Claim Travel Waiver” link was a key indicator, as it did not direct to an official Delta website.

Urgency and Pressure Tactics: Phishing emails often create a sense of urgency, prompting quick actions to avoid consequences. Be wary of emails that push for immediate action without allowing time for careful consideration.

Familiarize Yourself with Authentic Communications: Knowing what legitimate communications from companies like Delta Airlines typically look like can help in spotting fake ones. Legitimate emails from Delta would direct users to the official delta.com domain.

Report Suspicious Emails: If you receive an email that seems suspicious, do not interact with it. Use the Phish Alert button so that GHC Information Security can better analyze suspicious emails.
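For analysts triaging a reported message, the link-inspection and official-domain advice above can be automated. The following is an added example, not code from this post or from GHC's tooling: it extracts every link from an HTML email body and flags those whose host is not delta.com or one of its subdomains. The sample body and its `.example` hosts are constructed, since the simulation's actual link is not shown here.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "delta.com"  # the official domain named on this page

class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs for every <a> in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def is_official(href, domain=OFFICIAL_DOMAIN):
    """True only for http(s) links whose host is the domain or a subdomain of it."""
    try:
        parts = urlsplit(href.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:  # malformed URL: treat as not official
        return False
    if "\\" in href or parts.scheme not in ("http", "https"):
        return False  # browsers and urlsplit disagree on backslashes: reject
    return host == domain or host.endswith("." + domain)

def suspicious_links(html_body):
    """Return the (text, href) pairs that do not lead to the official domain."""
    collector = LinkCollector()
    collector.feed(html_body)
    return [(t, h) for t, h in collector.links if not is_official(h)]

# Constructed sample body; non-Delta hosts use the reserved .example TLD.
SAMPLE = """
<a href="https://delta.com.waiver-claims.example/login">Claim Travel Waiver</a>
<a href="https://www.delta.com/">www.delta.com</a>
<a href="https://www.delta.com@waiver-claims.example/">Manage trip</a>
"""

if __name__ == "__main__":
    print(*suspicious_links(SAMPLE), sep="\n")
```

The match is made on the parsed hostname rather than on the visible link text or a substring of the URL, so a host that merely starts with or contains "delta.com" is still flagged.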

Phishing attacks are becoming increasingly sophisticated, often closely mimicking legitimate communications. By staying vigilant and following best practices for email security, you can protect yourself and our institution from these threats. Remember, if something feels off about an email, it’s always better to double-check before taking any action.