There are several types of potentially malicious emails that use tactics in an attempt to get personal or sensitive information from you. Below are some of the different types of malicious emails that perpetrators send, and some indicators to keep an eye out for.
1.) E-mail Spam is a message that is sent to many people, often simultaneously, that either contains web links to Internet websites that host malware or contains executable malware within the message designed to infect the computer when opened. These messages are also called junk e-mail. Below is an example of an email with a web link that can contain malware.
Things to look for:
- Is the email in bulk and from a company or person that is unsolicited?
- Is the sender known to you and does the email match the sender?
- Does the subject line seem strange or regarding something you didn't ask for?
2.) Phishing is the term for messages sent to individuals via a fraudulent solicitation in e-mail, text message, or on a website with the intent to fool unsuspecting recipients into providing personal information, such as user names, passwords, and financial account information. They often employ social engineering tactics by creating messages that appear to be legitimate. These messages can also lure individuals to malware-hosting websites. Below is an example of a phishing email.
What to look for:
- Is the domain name (name after the @ symbol) an exact match to the company that they're representing?
- Are there suspicious links embedded in the email?
- If you hover over a link does it lead to a website you would expect from the sender?
3.) Spear phishing differs from phishing in that it targets a specific department, division, or college, seeking unauthorized access to protected information. These messages allegedly come from IT support staff or other professionals in a position of authority from within the targeted department, division, or college. As with phishing, these e-mails will attempt to trick users into divulging personal or financial information, or their credentials, or entice them into clicking on a link that could install malware on the computer.
- Is the sender coming from your college or a specific department within your organization?
- When you hover over the sender, does it show the correct email address of the department?
- Is the email asking for personal or sensitive information?
4.) Virus Hoaxes are messages that contain false warnings about nonexistent threats and may instruct recipients to take actions like forwarding the warning to others. they usually claim you have to act now to avoid a penalty. This false sense of urgency is a common trick of phishing attacks and scams.
- Is there a sense of urgency or a demand for immediate action?
- Is it asking you to forward the warning to everyone you know?
- Does the email warn you of a compromise or a virus that has been detected?
5.) Vishing is phishing messages using voice communication technology to obtain credit card numbers or personal information through phone calls.
Things to look for:
- Is the call unsolicited and asking for personal information?
- Is there a sense of urgency coming from the caller?
- Do you notice poor call quality?
6.) Smishing is phishing via text messages on mobile phones, where criminals impersonate legitimate sources to install malware on devices.
- Does the phone number and display name appear to come from a local number or trusted source?
- Are there misspellings within the text body?
- Is the text unsolicited and asking for you to take action by clicking a link?
7.) Whaling is a phishing attack targeting high-profile individuals within organizations, such as senior executives.
- Is the email coming from your supervisor or a chief executive you work with regularly?
- Does the email have a sense of urgency asking you to click a link and complete a task right away?
- Does the person claim to be out of town or unavailable?
- Does the email contain personalized information about the individual or organization?
8.) Extortion Emails can also be part of sextortion campaigns. Victims receive an email threatening to send a pornographic video of them or other compromising information to family, friends, co-workers, or social network contacts if a ransom is not paid.
- Are there misspellings or poorly written English?
- Is the email demanding a large sum of money to protect private content from being shared with friends, family, or the public?
- Is the email asking for Bitcoin or cryptocurrency as the form of payment?
- Is the sender using a free email domain (such as hotmail.com, yahoo.com, gmail.com)?
More information on phishing attacks can be found here Dangerous Email - Identifying a Phishing Attack
What to do if you identify an email as spam or phishing:
- Report an email as suspicious in your Outlook client by following the instructions in the link provided here: Reporting Phishing and Junk emails in Outlook
- If you've clicked on a link or interacted in any way with the email, change your password immediately and Contact the Service Desk at (509) 963-2001 for assistance in securing your account.