Detecting and Recognizing a Phishing Email

What is it?

Phishing (pronounced "fishing") is probably the most common form of social enginnering we see at the University.  Phishing is a kind of identity theft that is growing in popularity amongst hackers.  Phishing emails will typically contain a statements that something is going to happen to your account if you don't act now, which usually involves clicking on a link to a page where you are requested to provide your username and password and sometimes more.  Phishing is using email or social skills (social networking) to trick you into providing personal/financial information, most commonly passwords and credit card numbers, to gain access to your accounts and steal more data or money.  By using fraudulent websites and false emails, perpetrators attempt to steal as much information as you are willing to give them.  If you think you have received an email that you think is a “phish”, the tips below can keep you from taking the bait and getting hooked.

Another variant of phishing is Spear Phishing, which is targeted towards a specific individual, position,  organization or business; likely to obtain confidential information or higher level credentials. Spear phishing attempts are not typically initiated by "random hackers" but are more likely to be conducted by perpetrators out for financial gain, trade secrets or military information.

Also, Whale Phishing is a term used to describe a phishing attack that is specifically aimed at wealthier individuals. Because of their relative wealth, if such a user becomes the victim of a phishing attack he can be considered a “big phish,” or, alternately, a whale.

Receiving the Email

  • Know the online companies you deal with.  When a suspicious email arrives in your inbox - THINK: it could be fraud, it's definitely spam, and it's not for you.  Use the options to mark as Phishing or Spam and then Delete it!
  • Look carefully at the subject line.  Example: Chase Bank will never send you an email headed " _ChaseBank _account _update  ACT-NOW ".  These messages may sneak through your spam filters because they appear to come from a reputable source, but that doesn't mean it's really from Chase Bank. Your bank will never ask you to send your passwords or personal information by mail.
  • Never respond to the email or clink the link attached in the email, as it might direct you to a fraudulent website.  If you have the slightest doubt, call your bank directly for clarification.
  • Learn to identify suspicious emails.  Hackers will duplicate the image of a real company; they can copy the names of a company or an actual employee names; they include sites that are visually similar to a real business; and they promote gifts, or the loss of an existing account.

Reviewing the Email

  • Understand how the companies you deal with want to interact with you.  For example, banks usually want you to access your account through their website - not an email link.  "Phishing" emails stand out because they don't follow the rules.
  • Practice safe browsing. Open a new browser window each time you log on to a website that displays personal information.  When you are done, log out and close that browser window.
  • Be sure to thoroughly read emails that say they are from companies you know.  Watch for spelling and grammatical errors.  Sometimes a real email will have an occasional spelling or grammatical error, but anything more than one is suspicious.
  • Hover over email addresses and the links with your mouse cursor and verify them.  In some email systems, you can scroll over the different links in an email and see the actual contents of the link.  If the email says PayPal, but the link says "www.paipall.com", be careful.  And note: URLs can be disguised - so don't take a suspect link at face value.  You can also Google and compare. This tip used to be safe, but at times just hovering over emails may cause a malware to launch. 
  • Never enter your personal or credit information into a form in an email.  If you feel the email is legitimate, visit their website and log in or call the company directly to provide the requested information.  Don't click on the link!
  • Most "phishing" emails are not personalized.  Expect good customer service from your online providers.  Unless your name is "eBay User" or "Friends", if you receive a "Dear Customer" email, it may be time to move on.

How can we prevent this type of phishing attack and how do you report it?

Stay on Guard:

  • Enhance the Security of Your Computer - Use and maintain your email protection software for spam blocking, fraud blocking, and anti-virus.
  • Enter Your Sensitive Data in Secure Websites Only
  • Periodically Check Your Accounts- Read your bank statements - every one, every month to ensure your charges and debits are correct.  Stay vigilant and report any suspicious activity immediately.
  • Have the Slightest Doubt, Do Not Risk It
  • Get informed and stay informed about the evolution of current Malware - Here are some links that can help you learn what is out there: 
  • Purchase Identity Insurance - just like having home insurance you can purchase identity insurance
  • Get familiar with GMAIL security tips
  • More essential tips to help you beat phishing scams

Reporting
If you receive a message that our phishing detection system doesn't pick up on, click the down arrow next to Reply at the top-right of the message pane, and select Report Phishing to send a copy of the message to the Gmail Team.

   image of the drop down arrow key next to the Reply button in an email message.

You may also forward a copy of the message to the IT Service Desk, csupport@weber.edu. If possible send the message header with the copy of the email. Message headers contain tracking information for an individual email, detailing the path a message took as it crossed mail servers.

To get the message header information just follow these steps:  Message Header 

If you are still uncertain if it is a phishing email, here are some additional steps you can take:

  • Check whether the email was authenticated by the sending domain. Open the message and click on the 'show details' icon below the sender's name. Make sure the domain you see next to the 'mailed-by' or 'signed-by' lines matches the sender's email address.
  • Make sure the URL domain on the given page is correct, and click on any images and links to verify that you are directed to proper pages within the site. For example, the Gmail URL is http://mail.google.com/ or, for even more security, https://mail.google.com/. Although some links may appear to contain 'gmail.com,' you may be redirected to another site after entering such addresses into your browser.
  • Always look for the closed lock icon in the status bar at the bottom of your browser window whenever you enter any private information, including your password.
  • Check the message headers. The 'From:' field is easily manipulated to show a false sender name. Learn how to view headers.
  • If you're still uncertain, contact the organization from which the message appears to be sent. Don't use the reply address in the message, since it can be forged. Instead, visit the official website of the company in question, and find a different contact address.
  • If our system flags a message as phishing, but you've validated the source from which the message originated, click the down arrow next to Reply at the top-right of the message pane, and select Report Not Phishing to let us know the message is legitimate.
  • For more information on how to handle unwanted or suspicious email, visit Unwanted or Suspicious Emails.

What if you responded?

If you entered your WSU account or personal information as the result of a spoof or phishing message, take action quickly.

  • Send a copy of the message header and the entire text of the message to the Federal Trade Commission at spam@uce.gov.  
  • If you entered credit card or bank account numbers, contact your financial institution.
  • If you think you may be the victim of identity theft, contact your local police.

To view Current Threats visit this page: http://www.weber.edu/iso/current_threats.html

For support or if you have questions please contact: