Defined by the National Cyber Security Alliance - “A phishing attack is a form of social engineering by which cybercriminals attempt to trick individuals by creating and sending fake emails that appear to be from an authentic source, such as a business or colleague. The email might ask you to confirm personal account information such as a password or prompt you to open a malicious attachment that infects your computer with a virus or malware.”
Phishing is very common, and you can run into it in both your professional and personal life. Here are some things to look out for to help you identify these emails:
Asks you to confirm personal information:
Phishing emails attempt to look authentic; they try to mimic the style of your employer’s email to imitate what you are familiar with seeing. The email may ask you to confirm login credentials, but the technology department will not ask you for your password via email. The same goes for your personal life: you could receive an email asking you to enter banking or credit card information. These are red flags. If you have any suspicion, contact the sender, not through the contact information in that email but by calling the person or organization or by using an email address listed on their official website.
Email address or link does not look legitimate:
The message is from Emma Gardner, and the email address matches our WAMS Stories email address. If it said Emma Gardner <emma_gardner@wams-stories.org> or something similar to that, it would not be legitimate. At a quick glance it may seem fine, but make sure the email address is correct. If the sender name matches someone who is part of WAMS Stories, compare the sender's email address to the one listed in the directory.
Another thing to check is whether links are legitimate. The email may have a hyperlink that displays as something normal, but if you hover over it, the actual destination is displayed. See below:
The word ‘link’ is hyperlinked, but when I hovered over it with the cursor, the website destination displayed in the lower left-hand corner. You can see it says google.com - that’s a legitimate site. If you see a link whose destination looks bizarre, do not click on it. If you do click on it, there’s a chance that you could infect your computer with malware.
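The two checks above (sender name against the directory address, and a link's visible text against its real destination) can also be automated by a mail administrator. The following is an added example, not part of the original guide; the directory entry, the placeholder domains and all function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

DIRECTORY = {"emma gardner": "emma.gardner@directory.example"}  # constructed placeholder

def sender_mismatch(from_header, directory=DIRECTORY):
    """True when the display name is in the directory but the address differs."""
    name, addr = parseaddr(from_header)
    listed = directory.get(name.strip().lower())
    return listed is not None and addr.lower() != listed.lower()

class LinkCollector(HTMLParser):  # collects (visible text, href) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host(url):  # lower-cased hostname of a URL or bare domain, minus leading www.
    h = (urlparse(url if "://" in url else "//" + url).hostname or "").lower()
    return h[4:] if h.startswith("www.") else h

def deceptive_links(html):
    """Links whose visible text names one host while the href goes to another."""
    parser = LinkCollector()
    parser.feed(html)
    return [(text, href) for text, href in parser.links
            if "." in text and " " not in text and host(text) != host(href)]

# Constructed message: the From address is the lookalike quoted above.
SAMPLE = """From: Emma Gardner <emma_gardner@wams-stories.org>

<a href="https://www.google.com">link</a>
<a href="http://signin.placeholder.example/verify">www.google.com</a>
"""

def check(raw):
    msg = message_from_string(raw)
    return sender_mismatch(msg["From"]), deceptive_links(msg.get_payload())
```

A link whose visible text is an ordinary word, like ‘link’ above, is not flagged by this check, so hovering to read the destination is still needed for those.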
Poorly written
Be wary of an email that has multiple grammar mistakes or misspelled words. A few typos here and there shouldn’t cause alarm. But if you see an email with many obvious mistakes, then it is likely that it is a phishing attempt. Typically, emails sent within an organization will be proofread and will not contain consistently bad grammar.
Suspicious Attachments:
Always be cautious when it comes to attachments, especially ones that are unexpected or from an unfamiliar email address. Attachments are notorious for causing viruses or other malware to be installed on your computer. Definitely do not click on any attachments from an unknown sender that have the .exe or .zip extension at the end of the file name. These are executables and/or zip folders containing programs that will run on your computer and could be malicious. PDFs and other documents from known senders are safe. If you are still unsure about a file, forward the message to your technology specialist or submit a tech ticket here and we can help you out.
Created To Cause Panic
The biggest reason phishing scams work is that they cause panic. The most common emails include ‘Your account has been compromised’, asking you to verify your login information, or ‘You have a virus on your computer and you need to pay to have it removed’. At first you may panic and give in to their demands. But be calm and look into it further before your next move. Ask yourself whether what they are stating makes sense, and make sure the sender is legitimate. There is no harm in being cautious and contacting the supposed sender through other means to be safe.
Spam
Defined by Cisco Systems - “Spam email is unsolicited and unwanted junk email sent out in bulk to an indiscriminate recipient list. Typically, spam is sent for commercial purposes. It can be sent in massive volume by botnets, networks of infected computers.”
Spam is even more common than phishing emails. You have probably seen these more frequently in your personal inboxes. Luckily, Gmail and other email services do a good job of filtering out spam automatically. But some spam still manages to slip through the cracks. Here are some things to look out for:
Most Common Use
The majority of spamming comes from businesses using it for commercial purposes. It’s a cheap way to get advertisements out to the masses. These are usually harmless, just more of a nuisance. This happens when companies obtain your email address and then subscribe you to their newsletter or sale ads. However, by law, they must include an option to unsubscribe or opt out - this is usually a link in small print at the very bottom of the email. If you have been receiving hundreds of emails from businesses, unsubscribe from them to halt future emails from that source.
Malicious spam
A popular example of malicious spam is antivirus warnings. Emails that warn you about a computer virus ironically are likely to actually cause a virus. If you ever see one sent to your work email, disregard it, as the district does not use consumer antivirus programs. You may also see emails claiming that you have won a sweepstakes, or that someone in a fabricated emergency scenario needs money. Use your best judgement when it comes to spam - if it sounds fishy at all, delete it.