
Can You Spot The Phishing Email?

Taube, Dan Published on Oct 06, 2020 

Email fraud illustration by mohamed Hassan from Pixabay

Week 1 of National Cybersecurity Awareness Month

October 2020 is the 17th year of organizations promoting National Cybersecurity Awareness Month to help their users be safer and more secure online.

This article is from the National Cybersecurity Awareness Month 2020 series.

Phishing attacks come in many forms

Review these examples and think about whether you would be suspicious.

Example Phishing Email Related to a Fraudulent Job Offer

Curiosity and desperation are vital components of this common scam. The email entices you to click on a link to find out more about a job offer. The link either downloads malware or directs you to a fake log-in page to capture your credentials.

We recommend never trusting an unsolicited job offer. Always use official sources such as https://jobs.illinoisstate.edu/.

Example of Phishing Email Related to Account Alerts

Fear is a powerful motivator. Scammers could alert you that your account will be closed automatically unless you ACT NOW. When all that is required to keep your account working is to click a link and log in, why wouldn't you? What you might not realize is that the link took you to a fake log-in site, and by entering your credentials, you just handed over your username and password to a bad actor.

Most services will notify you ahead of time if they are going to be removing your account. Very few will send a message with no notice and require immediate action.

Example Phishing Email Related to Fake Covid-19 Announcements

Leveraging the news of the day, these scams offer you special information. The links are included for a malicious purpose, and they could install a virus or malware onto the user's device. The user will likely think that the link did not work, or it will open a generic document, while a malicious program could be installing without the user's knowledge. Don't click on links or view attachments in these types of emails.

Try to learn the official sources for communications that do seem appropriate. An example would be MassEmail@IllinoisState.edu, which handles such messages.

Also check out our How Do I Protect Myself From Cybercriminals During COVID-19? article for further reading.

Phishing attacks come at any time

We lead busy lives. Scammers know that people are most vulnerable when they are distracted. If you get an urgent message alerting you that your account has been compromised in the middle of class or while walking to your car, will you examine it closely or just react?

Phishing emails are successful when we glance over them and take action without much thought. Whether it is downloading a file to learn more, clicking a link to reset your password, or replying to find out more about a job offer, the result is the same. When you only react, you are caught.

Phishing attacks can stop with YOU

The greatest defense against a phisher is an informed user. Follow this guidance and Do Your Part. #BeCyberSmart!

  • Think before you act. Be wary of communications that implore you to act immediately, offer something that sounds too good to be true or ask for personal information.
  • Take time to verify. If you receive a suspicious email that appears to be from someone you know, reach out to that person directly through a different method. If the email comes from an organization but still looks “phishy,” reach out to them via customer service to verify the communication.
  • Be wary of clicking on links. Before clicking a hyperlink in an email, hover over it to see what site the link is sending you to.
  • Ask for a review. When you forward an email to abuse@ilstu.edu, we will be able to review it for legitimacy.