Dangerous Email - Identifying a Phishing Attack

Phishing is the attempt to get sensitive information (like user names, passwords, and financial information) by masquerading as a trustworthy source in an email. Phishing emails range from crude attempts to get money directly to more sophisticated attacks that include data about an organization you belong to. However, once they are scrutinized, they are easily identifiable to the trained eye.

Here are some tips, and examples, on how to identify a phishing attack.


The first thing to remember is that CWU will NOT ask you for confidential information in a “BCC” email, and will not direct you to a link off our secure network.

  • The “To:” field
    • The “To:” field in many phishing emails is left blank. This is because a phisher uses a compromised account to send the email and, instead of visibly addressing it to 50 users from different organizations, puts the recipients in the BCC field. This prevents you from notifying all the other potential victims, and avoids tipping their hand that the email was not sent to a homogeneous group of recipients.
  • The “From:” field
    • In an IT Scam, it will come from someone NOT in your IT org, and likely not at the university at all!
    • In a money phishing scheme, the sender's name and email address will often not match at all.
      • Example: FBI (Director) James Comey Jr. <simonlin@chinaconstruction.com.sg>
  • The Warning Banner
    • The warning banner is present and indicates that the email originated from outside the university
  • Links
    • Look for links that use “Click Here” or other generic terms to hide the link path.
    • Look for links that lead to a site other than the organization they are pretending to be. These are often generic sub-sites, or foreign sites ending in a two-letter country suffix like “.ru”, “.hu”, or “.ch”.
  • Spelling and Grammar
    • Most phishing attempts are initiated in countries where English is not a primary language. As such, the emails are fraught with grammatical and spelling errors. See the examples below.
  • Generic IT terms
    • Phishing attempts use terms like “Web-Mail” or “Help Desk” so they don’t need to specialize to individual organizations.  While some more sophisticated attacks will include certain levels of detail, they are always clear upon scrutiny.


If you receive an email and you are not certain, please use the "Report Message" feature available in your CWU Outlook account to forward this to the Security Services team or contact the Service Desk at (509) 963-2001 before clicking anything in the email.
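
For mail administrators, the header and link checks from the list above can be automated as a first-pass triage. The following is an added example, not part of the original article or any CWU tooling; the domain `university.example`, the helper names, and the sample message are assumptions made for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

ORG_DOMAIN = "university.example"  # assumption: stand-in for your organization's domain
GENERIC_TERMS = ("web-mail", "help desk")  # the generic IT terms the article names

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def in_org(host):
    host = (host or "").lower()
    return host == ORG_DOMAIN or host.endswith("." + ORG_DOMAIN)

def phishing_indicators(raw_message):
    msg = message_from_string(raw_message, policy=policy.default)
    found = [] if str(msg["To"] or "").strip() else ["blank To: field"]  # recipients BCC'd
    address = parseaddr(str(msg["From"] or ""))[1]
    if not in_org(address.rpartition("@")[2]):
        found.append(f"sender outside organization: {address}")
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    collector = LinkCollector()
    collector.feed(text)
    for href, label in collector.links:
        if label.lower() == "click here":  # generic text that hides the link path
            found.append(f"generic link text hides {href}")
        if not in_org(urlparse(href).hostname):
            found.append(f"link leaves the organization: {href}")
    found += [f"generic IT term: {t}" for t in GENERIC_TERMS if t in text.lower()]
    return found

# Constructed sample, not a real email; .test and .example are reserved names.
SAMPLE = ("From: IT Help Desk <admin@mail-check.test>\nTo:\n"
          "Content-Type: text/html\n\nYour Web-Mail is full. "
          '<a href="http://login.mail-check.test/x">Click Here</a>')
```

Legitimate external mail also trips the outside-sender and off-organization link checks, so the returned list is a set of hints to weigh together when deciding what to escalate.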

<Example 1>


<Example 2>


<Example 3>

Details

Article ID: 2749
Created: Tue 11/18/14 11:21 AM
Modified: Fri 3/29/24 3:16 PM