Types of Potentially Malicious Emails

Summary

 

There are several types of potentially malicious emails that use tactics in an attempt to get personal or sensitive information from you. This article lists the different types of malicious emails that perpetrators send, and some indicators to keep an eye out for.

 

 

Email Spam

What it is: A message that is sent to many people, often simultaneously, that either contains web links to Internet websites that host malware or contains executable malware within the message designed to infect the computer when opened.

  • These messages are also called junk e-mail.
  • Below is an example of an email with a web link that can contain malware.

What to look for

  • Is the email in bulk and from a company or person that is unsolicited?
  • Is the sender known to you and does the email match the sender?
  • Does the subject line seem strange or regarding something you didn't ask for?

 

 

 

Phishing

What it is: Term for messages sent to individuals via a fraudulent solicitation in e-mail, text message, or on a website with the intent to fool unsuspecting recipients into providing personal information, such as user names, passwords, and financial account information.

  • They often employ social engineering tactics by creating messages that appear to be legitimate.
  • These messages can also lure individuals to malware-hosting websites. Below is an example of a phishing email.

What to look for

  • Is the domain name (name after the @ symbol) an exact match to the company that they're representing?
  • Are there suspicious links embedded in the email?
  • If you hover over a link does it lead to a website you would expect from the sender?

 

 

 

Spear Phishing

What it is: Differs from phishing in that messages targets a specific department, division, or college, seeking unauthorized access to protected information.

  • These messages allegedly come from IT support staff or other professionals in a position of authority from within the targeted department, division, or college.
  • As with phishing, these e-mails will attempt to trick users into divulging personal or financial information, or their credentials, or entice them into clicking on a link that could install malware on the computer.

What to look for

  • Is the sender coming from your college or a specific department within your organization?
  • When you hover over the sender, does it show the correct email address of the department?
  • Is the email asking for personal or sensitive information?

 

 

 

Virus Hoaxes

What it is: Messages that contain false warnings about nonexistent threats and may instruct recipients to take actions like forwarding the warning to others.

  • They usually claim you have to act now to avoid a penalty.
  • This false sense of urgency is a common trick of phishing attacks and scams.

What to look for

  • Is there a sense of urgency or a demand for immediate action?
  • Is it asking you to forward the warning to everyone you know?
  • Does the email warn you of a compromise or a virus that has been detected?

 

 

 

Vishing

What it is: Phishing messages using voice communication technology to obtain credit card numbers or personal information through phone calls.

What to look for

  • Is the call unsolicited and asking for personal information?
  • Is there a sense of urgency coming from the caller?
  • Do you notice poor call quality?

 

Smishing

What it is: Phishing via text messages on mobile phones, where criminals impersonate legitimate sources to install malware on devices.

What to look for

  • Does the phone number and display name appear to come from a local number or trusted source?
  • Are there misspellings within the text body?
  • Is the text unsolicited and asking for you to take action by clicking a link?

 

 

 

Whaling

What it is: A phishing attack targeting high-profile individuals within organizations, such as senior executives.

What to look for

  • Is the email coming from your supervisor or a chief executive you work with regularly?
  • Does the email have a sense of urgency asking you to click a link and complete a task right away?
  • Does the person claim to be out of town or unavailable?
  • Does the email contain personalized information about the individual or organization?

 

 

 

Extortion Emails

What it is: Email message threatening to send a pornographic video of them or other compromising information to family, friends, co-workers, or social network contacts if a ransom is not paid.

  • Can also be part of sextortion campaigns

What to look for

  • Are there misspellings or poorly written English?
  • Is the email demanding a large sum of money to protect private content from being shared with friends, family, or the public?
  • Is the email asking for Bitcoin or cryptocurrency as the form of payment?
  • Is the sender using a free email domain (such as hotmail.com, yahoo.com, gmail.com)?

 

 

 

What To Do If You Identify an Email as Spam or Phishing

Report an email as suspicious in your Outlook client by following the instructions in this article: 

 

More information on phishing attacks can be found in this article:

 

If you've clicked on a link or interacted in any way with the email, follow these steps:

  •  Change your password immediately
  • Contact the Service Desk at (509) 963-2001 for assistance in securing your account.

 

 

Additional Resources

Here are related articles on:

 

Submit a Service Request

  • Submit a service request

  • If you need assistance with the above process, you can submit an online request and our Information Services staff will reach out to you. 

     

Was this helpful?
40% helpful - 5 reviews
Print Article