Email Phishing Awareness

Summary

An overview of how to identify phishing email attempts

Body

A reminder about best practices if you receive a suspicious email:

  1. Never click links from an unknown sender or from a suspicious-looking email.
  2. Never enter your password or private, sensitive or confidential information in a pop-up window or website without first validating the authenticity of the URL.
  3. Check for a padlock symbol next to the URL of any website into which you are entering private information. This denotes that the website is using a secure, encrypted connection. The padlock does not by itself confirm that the site is genuine, so still validate the URL as described in item 2.
  4. Emails can be spoofed to appear as if they were sent from a trusted source. Check the email address of the sender to determine whether it is a legitimate source.
  5. If you are unsure, you should contact the sender via a different method of communication. If the email looks like it came from a colleague or someone known to you, try calling them to confirm it is from them.

Examples of types of phishing emails:

  1. Emails Insisting on Urgent Action
    Emails insisting on urgent action do so to fluster or distract the target. Usually this type of email threatens a negative consequence if the action is not taken, and targets are so keen to avoid the negative consequences that they fail to review the email for inconsistencies or indications that it may be phoney.
  2. Emails Containing Spelling Mistakes
    Emails claiming to come from a professional source that contain spelling mistakes or grammatical errors should be treated with suspicion.
  3. Emails with an Unfamiliar Greeting
    Emails sent by friends and work colleagues usually start with an informal salutation. Those addressed to “Dear XXXXX” when that greeting is not normally used, and those containing language not often used by friends and work colleagues, likely originate from an attacker and should not be actioned or replied to.
  4. Inconsistencies in Email Addresses
    Check the sender email address against previous emails received from the same person rather than trust the sender name. You may have to hover over the sender to see the full email address to verify its authenticity.

  5. Inconsistencies in Links and Domain Names
    Links to malicious websites can easily be disguised as genuine links. Therefore, it is also advisable to hover a mouse pointer over a link in an email to see what “pops up” as an address. If an email claims to be from (say) a business contact, but the pop-up indicates an unfamiliar website, the email is likely a phishing email.
  6. Be Wary of Suspicious Attachments
    File sharing in the workplace now mostly takes place via collaboration tools such as OneDrive or SharePoint. Therefore, emails from colleagues with file attachments should be treated suspiciously – particularly if the attached file has an unfamiliar extension or one commonly used to deliver malware payloads (.zip, .exe, .scr, etc.).
  7. Emails That Seem Too Good to Be True
    Emails that seem too good to be true incentivize targets to click a link or open an attachment with the promise that they will benefit by doing so.
  8. Emails Requesting Login Credentials, Payment Information or Other Sensitive Information
    Emails requesting login credentials, payment information or other sensitive information should always be treated with caution.

Details

Article ID: 1005
Created: Mon 2/8/21 6:47 PM
Modified: Fri 8/27/21 6:22 PM