Phishing Emails - Important Reminders!
Hello everyone,
Over the two past weeks, there has been an increase in the number of phishing emails that have reached our mailboxes. Cyber criminals are constantly evolving their techniques for formatting and sending email scams. Even with advanced scam detecting and filtering, it is impossible to catch every phishing email. It is important to be able to spot a fake email and know what to do once you find one. To help identify a potential phishing scam email, we will use the following example:
In this email, we can see the most common phishing tactics located in the subject line, sender’s address, body.
Subject
A phishing email will always contain a subject line that calls for immediate attention. This is usually done by threatening something, as in this example. The scammer gives you a limited amount of time to update your password before you lose access to your account. Another common tactic is to tempt you into clicking a link, usually by offering money. Please note that when a password reset is required, you will be notified by a member of the IT department.
Sender’s Address
It is a common practice for scammers to disguise their email address to make it appear as though it is coming from a trusted source. In the example, the scammer has made their contact information look as if they are from the same university. Hovering over the sender’s contact information will reveal the actual email address that it was sent from. If the actual address does not match the contact information, it is most likely a scam.
Body
Typically, a scammer will do their best to make a phishing email look as legitimate as possible. However, they will make grammatical or spelling errors on occasion. In the example, some of the grammar is a bit off for an automated system’s email. Errors in the body of the email can be more difficult to notice and are usually found once you have been tipped off in other areas.
Links and Attachments
Even if the entire email looks legitimate, you should never click a link or open an attachment in an email that you did not expect to receive. If you do receive an email like this, you should reach out to the sender using a separate form of communication to ensure it is real. Prior to sending an email with a link or attachment, you should contact the recipient to inform them.
Reporting
When you identify a possible phishing email, you can report it using the built-in reporting tool in the email. Click the dots next to the reply button, and choose Report Phishing. This step helps improve the system’s phishing detection, which will reduce the number of attacks in the future. Once the email has been reported, it can be deleted.