Phishing, as defined in Wikipedia, “… is the act of attempting to acquire information … by masquerading as a trustworthy entity in an electronic communication.” The most common form of communication today for phishing is email. Phishing exists because it is extremely effective for spammers or criminals seeking usernames, passwords, credit card details or other personally identifiable information.
EMU users are the first line of defense against phishing. There is no way to overstate this reality.
Here are ten things you should think about as you look at every email message you receive:
- Do I know the person identified in the FROM field?
Red Flag - if you don’t know the person.
- Is the email address shown for the FROM name one that I recognize for this person?
Big Red Flag - if the email address is not one you recognize for this person.
Note: FROM email addresses are easily forged. Just because it shows a persons known e-mail address doesn’t mean that person really sent the message.
- Is it reasonable that I should be receiving an email message from this person?
Red Flag - if it seems odd to be getting an email from this person.
- Does the message have an attachment?
Big Red Flag - be super-cautious about all attachments.
- Does the attachment file name end with .exe .vbs .bat?
Really Big Red Flag – Just Hit Delete (JHD!) Get rid of the entire message.
Note: A long list of bad file extensions is available in the E-mail section of the IS HelpZone.
- Does the attachment file name end with .zip or .7z?
Red Flag – there are legitimate reasons for sending attachments as archive files (.zip, .7z). You should only open an archive file if you were expecting to receive one from the sender. Contact them to confirm they sent it and the reason they sent it before opening it. Otherwise, JHD!
- Does the message say that something is wrong with one of your EMU accounts or username?
Really Big Red Flag – JHD! EMU Information Systems NEVER uses e-mail to communicate with you about problems with your accounts. Delete the message ASAP, no matter how persuasive, legitimate or compelling it may seem to be.
- Does the message contain minimal information but urges you to “check this out” or “get something amazing here” or something otherwise playing to your curiosity?
Big Red Flag – curb your curiosity! JHD!
- Does the message seem very legitimate but has a clickable link that does not visibly show the entire website address?
Red Flag – Depending on your email client you may be able to hover over or right-click the link to display or copy the full URL. If you can only copy it, do so and paste it into a blank text document and examine it carefully.
- Does the message contain a link that has part of a familiar web address but has additional text that follows domain segment of the link?
Red Flag – Website addresses (URLs) are essential to getting you to the website you want. Just because they are long, does not mean they are dangerous. Be on the lookout for URLs that contain information that is almost identical to real organizations (i.e. paaypal.com instead of paypal.com). Pay special attention to the domain segment of the URL (the last .aaa notation between the :// and next / symbols). This part of the URL is the address where the web server “lives” and if it does not end with the familiar .edu .com .org .info etc, your caution should rise, particularly if the domain is a “.aa” country code that you wouldn’t expect for the kind of URL you are examining. There are many resources online that describe how URLs work and how they can be dangerous.
JHD! = Just Hit Delete.
It is far better to aggressively delete suspicious e-mail messages than it is to let your curiosity override your judgment and common sense. If you delete something that is was not dangerous and the sender really wanted/needed you to read it — if it is that important — they will surely send a follow up message.