Information Technology

Email phishing

Phishing is a cybercrime where a target is sent an email which appears to be real to lure the individual into providing sensitive information about themselves.

It is called ‘phishing’ because the criminals send the fake email to hundreds of people; the institution named in the email will not be relevant to everyone, but it will be relevant to some. Just like fishing, the criminals cast the line out and wait for the fish to take the bait.

Criminals are looking for sensitive information such as social security numbers, passwords, credit card information or bank account numbers. They use this information to access important accounts which can lead to identity theft.

For example, say two people both receive a ‘phishing’ email that appears to be from Huntington Bank. Person one has a Huntington Bank account, whereas person two does not. Person one may think the email is real, take the bait and click on a link in the email. They are taken to a page that looks like the Huntington Bank website but is really a dummy site waiting to capture their login information.

Social engineering red flags

  • I don't recognize the sender's email address as someone I ordinarily communicate with.
  • This email is from someone outside my organization and it's not related to my job responsibilities.
  • This email was sent from someone inside the organization or from a customer, vendor, or partner and is very unusual or out of character.
  • Is the sender's email address from a suspicious domain (like microsoft-support.com)?
  • I don't know the sender personally and they were not vouched for by someone I trust.
  • I don't have a business relationship nor any past communications with the sender.
  • This is an unexpected or unusual email with an embedded hyperlink or an attachment from someone I haven't communicated with recently.

  • I was cc'd on an email sent to one or more people, but I don't personally know the other people it was sent to.
  • I received an email that was also sent to an unusual mix of people. For instance, it might be sent to a random group of people at my organization whose last names start with the same letter, or a whole list of unrelated addresses.

  • I hover my mouse over a hyperlink that's displayed in the email message, but the link-to address is for a different website. This is a big red flag.
  • I received an email that only has a long hyperlink with no further information, and the rest of the email is completely blank.
  • I received an email with a hyperlink that is a misspelling of a known web site. For instance, bankofarnerica.com: the ‘m’ is really the two characters ‘r’ and ‘n’.

  • Did I receive an email that I normally would get during regular business hours, but it was sent at an unusual time like 3 a.m.?

  • Did I get an email with a subject line that is irrelevant or does not match the message content?
  • Is the email message a reply to something I never sent or requested?

  • The sender included an email attachment that I was not expecting or that makes no sense in relation to the email message. This sender doesn't ordinarily send me this type of attachment.
  • I see an attachment with a possibly dangerous file type. The only file type that is always safe to click on is a .txt file.

  • Is the sender asking me to click on a link or open an attachment to avoid a negative consequence or to gain something of value?
  • Is the email out of the ordinary, or does it have bad grammar or spelling errors?
  • Is the sender asking me to click a link or open an attachment that seems odd or illogical?
  • Do I have an uncomfortable gut feeling about the sender's request to open an attachment or click a link?
  • Is the email asking me to look at a compromising or embarrassing picture of myself or someone I know?

Here are some things to look for with a phishing scam:

1. The message contains a mismatched URL or domain name

The first thing you can do with a suspicious email message is check the integrity of any embedded links or URLs. Many times the URL in a phishing message will appear to be perfectly valid, but when you hover your mouse over the link, you should see the actual hyperlinked address (at least in Outlook). If the hyperlinked address is different from the address that is displayed, the message is probably fraudulent or malicious. In this email that appears to be from Wells Fargo, you can see that when the cursor is placed over the link, the actual URL is displayed.
phishing email example one
phishing email example two
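The hover check described above, the misspelled-domain red flag (bankofarnerica.com) and the suspicious-sender-domain red flag (microsoft-support.com) can all be automated for mail triage. The following is an added example, not code from the original page: it parses a constructed sample message, compares each link's displayed domain with the domain it actually points to, folds look-alike character pairs such as ‘rn’ back to ‘m’, and flags sender or link domains that merely embed a known brand name. The KNOWN_BRANDS list, the HOMOGLYPHS table and the sample message are assumptions made for the example.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains the organisation treats as genuine for these brands (assumed list for the example).
KNOWN_BRANDS = {"wellsfargo.com", "bankofamerica.com", "apple.com", "microsoft.com"}

# Character sequences that read like another letter on screen; 'rn' -> 'm' is the page's example.
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]

# Matches a bare domain or the host part of a URL inside free text.
DOMAIN_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}")

# Constructed sample message (not a real phishing email): look-alike sender domain,
# a link whose text shows wellsfargo.com but points at a bare IP, a homoglyph domain,
# and one legitimate link.
RAW_MESSAGE = """From: "Wells Fargo Support" <alerts@wellsfargo-secure-login.com>
To: user@example.edu
Subject: Action required: verify your account
Content-Type: text/html; charset=utf-8

<html><body>
<p>Please <a href="http://192.0.2.10/wf/login">sign in at https://www.wellsfargo.com</a> to verify.</p>
<p>Or visit <a href="https://bankofarnerica.com/verify">bankofarnerica.com</a>.</p>
<p>Help: <a href="https://www.wellsfargo.com/help">https://www.wellsfargo.com/help</a></p>
</body></html>
"""


def registered_domain(host: str) -> str:
    """Reduce a hostname to its last two labels (ignores multi-part suffixes such as co.uk)."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def domain_in_text(text: str) -> str:
    """Return the first domain-looking token in link text, or '' if there is none."""
    match = DOMAIN_RE.search(text.lower())
    return match.group(0) if match else ""


def lookalike_of(domain: str) -> str:
    """Return the known brand a domain imitates, or '' if it is genuine or unrelated."""
    reg = registered_domain(domain)
    if reg in KNOWN_BRANDS:
        return ""
    folded = reg
    for seq, letter in HOMOGLYPHS:
        folded = folded.replace(seq, letter)
    if folded in KNOWN_BRANDS:
        return folded  # bankofarnerica.com folds to bankofamerica.com
    for brand in KNOWN_BRANDS:
        if brand.split(".")[0] in reg.split(".")[0]:
            return brand  # brand name embedded in an unrelated domain, e.g. microsoft-support.com
    return ""


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_link(href: str, text: str) -> list:
    """The hover check: compare where a link points with what its text displays."""
    findings = []
    host = (urlparse(href).hostname or "").lower()
    shown = domain_in_text(text)
    if shown and registered_domain(shown) != registered_domain(host):
        findings.append(f"displayed {shown} but points to {host}")
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        findings.append(f"link goes to a bare IP address ({host})")
    else:
        brand = lookalike_of(host)
        if brand:
            findings.append(f"{host} imitates {brand}")
    return findings


def triage(raw_message: str) -> list:
    """Return human-readable red flags for one message: sender domain plus every link."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    address = parseaddr(str(msg.get("From", "")))[1]
    sender_domain = address.rsplit("@", 1)[-1].lower()
    brand = lookalike_of(sender_domain)
    if brand:
        findings.append(f"sender domain {sender_domain} imitates {brand}")
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        parser = LinkExtractor()
        parser.feed(body.get_content())
        for href, text in parser.links:
            findings.extend(check_link(href, text))
    return findings


if __name__ == "__main__":
    for finding in triage(RAW_MESSAGE):
        print("RED FLAG:", finding)
```

The brand-name substring test is deliberately coarse (a genuine unrelated domain that happens to contain a brand word would also be flagged), so treat its output as a reason for a human to look closer, which is exactly the hover habit the page recommends, rather than as a verdict. A production version would use the Public Suffix List instead of the two-label shortcut in registered_domain.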

2. The message contains bad spelling or grammar

When a large company sends out an email that represents the company as a whole, the message is usually checked for spelling, grammar and legality, among other things.  So if a message is filled with poor grammar or spelling mistakes, it most likely did not come from a major corporation's legal department.

phishing typos example

3. Something just doesn't look right

In Las Vegas, casino security teams are taught to look for anything that JDLR - just doesn't look right, as they call it.  The idea is that if something looks off, there's probably a good reason why.  This same principle almost always applies to email messages.  If you receive a message that seems suspicious, it's usually in your best interest to avoid acting on the message.

The email here appears to come from Apple and tells me there is an issue with my account. If you take the time to read the message, it quickly becomes apparent that it is not coming from Apple: it contains bad grammar, sentences that are not capitalized at the beginning, and links that do not actually go to apple.com. Sometimes it just takes an extra minute of your time to recognize a scam.

phishing email example three