2020-05-05 - 4 EXAMPLES OF PHISHING EMAILS WITH FAKE LOGIN PAGES

NOTICE:

• The zip archives on this page have been updated, and they now use the new password scheme.  For the new password, see the "about" page of this website.

ASSOCIATED FILES:

• 2020-05-05-phishing-emails-4-examples.zip   8.5 kB (8,542 bytes)

• 2020-05-05-phishing-email-example-01.eml   (3,383 bytes)
• 2020-05-05-phishing-email-example-02.eml   (2,274 bytes)
• 2020-05-05-phishing-email-example-03.eml   (5,125 bytes)
• 2020-05-05-phishing-email-example-04.eml   (33,670 bytes)

• 2020-05-05-fake-login-page-traffic-4-pcaps.zip   646.6 kB (646,597 bytes)

• 2020-05-05-fake-login-page-traffic-example-01.pcap   (36,332 bytes)
• 2020-05-05-fake-login-page-traffic-example-02.pcap   (120,224 bytes)
• 2020-05-05-fake-login-page-traffic-example-03.pcap   (541,662 bytes)
• 2020-05-05-fake-login-page-traffic-example-04.pcap   (81,148 bytes)

NOTES:

• To sanitize these emails, I changed the original recipeints to my email address brad@malware-traffic-analysis.net.
• Links from the phishing emails were all HTTPS, but I used HTTP when checking the fake login pages for the pcaps.

 

IMAGES

Shown above:  Screen shot from 1st email example.

 

Shown above:  Fake login page using link from 1st email example (used link as HTTP instead of HTTPS).

 

Shown above:  Screen shot from 2nd email example.

 

Shown above:  Fake login page using link from 2nd email example (used link as HTTP instead of HTTPS).

 

Shown above:  Screen shot from 3rd email example.

 

Shown above:  Fake login page using link from 3rd email example (used link as HTTP instead of HTTPS).

 

Shown above:  Screen shot from 4th email example.

 

Shown above:  Fake login page using link from 4th email example (used link as HTTP instead of HTTPS).

 

Click here to return to the main page.