Summary
This article provides tips and examples on how to identify a phishing attack.
What is Phishing?
Phishing is the attempt to get sensitive information (like user names, passwords, and financial information) by masquerading as a trustworthy source in an email.
- They can range from crude basic attempts to get money directly, to more sophisticated attacks that include data about an organization you belong to.
How to Recognize Phishing
Note: The first thing to remember is that CWU will NOT ask you for confidential information in a “BCC” email, and will not direct you to a link off our secure network.
The “To:” field
- The “To:” field in many phishing emails is left blank.
- This is because a phisher uses a compromised account to send the email. Instead of visibly addressing it to 50 users from different organizations, they put the recipients in the BCC field. This prevents you from notifying the other potential victims, and hides the fact that the email did not go to a homogeneous group of recipients.
The “From:” field
- In an IT scam, the email will come from someone NOT in your IT org, and likely not at the university at all.
- In a money phishing scheme, the display name and the email address will often not match at all.
- Example: FBI (Director) James Comey Jr. <simonlin@chinaconstruction.com.sg>
The Warning Banner
- The warning banner is present and indicates that the email originated from outside the university.
Links
- Look for links that use “Click Here” or other generic terms to hide the link path.
- Look for links that lead to a site other than that of the organization the email claims to come from.
- These are often generic sub-sites, or foreign sites ending in a two-letter country suffix like “.ru”, “.hu”, or “.ch”.
Spelling and Grammar
- Most Phishing attempts are initiated in countries where English is not a primary language. As such, emails are fraught with grammatical and spelling errors. See the examples below.
Generic IT terms
- Phishing attempts use terms like “Web-Mail” or “Help Desk” so they don’t need to specialize to individual organizations.
- While some more sophisticated attacks will include a certain level of detail, they can always be recognized upon scrutiny.
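The checks in this section, written as a small Python triage function. This is an added example, not part of the original article or any CWU tooling; `ORG_DOMAIN`, the generic link-text list, and the sample message are assumptions constructed for illustration (the From line reuses the article's example).

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlsplit

ORG_DOMAIN = "example.edu"  # assumption: stands in for your organization's domain
GENERIC_LINK_TEXT = {"click here", "here"}    # assumed starter list
GENERIC_IT_TERMS = ("web-mail", "help desk")  # the two terms the article names
ANCHOR = re.compile(r'<a\s[^>]*href=["\']([^"\']+)["\'][^>]*>(.*?)</a>', re.I | re.S)

# Constructed sample message; the From line is the article's own example.
SAMPLE = """\
From: "FBI (Director) James Comey Jr." <simonlin@chinaconstruction.com.sg>
Subject: Web-Mail quota
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Dear user, Help Desk need you verify. <a href="http://mail-verify.example.ru/x">Click Here</a></p>
"""


def in_org(host):
    """True when host is the organization's domain or one of its subdomains."""
    return host == ORG_DOMAIN or host.endswith("." + ORG_DOMAIN)


def phishing_indicators(raw_email):
    """Return the article's indicators that are present in one raw message."""
    msg = message_from_string(raw_email, policy=policy.default)
    found = []
    if not (msg["To"] or "").strip():
        found.append("blank To")  # recipients were hidden in BCC
    sender = parseaddr(str(msg["From"] or ""))[1]
    if not in_org(sender.rpartition("@")[2].lower()):
        found.append("external From")
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    for href, text in ANCHOR.findall(body):
        host = (urlsplit(href).hostname or "").lower()
        if re.sub(r"<[^>]+>", "", text).strip().lower() in GENERIC_LINK_TEXT:
            found.append("generic link text")  # visible text hides the link path
        if not in_org(host):
            found.append("off-site link")
        if re.fullmatch(r".*\.[a-z]{2}", host):
            found.append("country-code link")  # two-letter country suffix
    if any(term in body.lower() for term in GENERIC_IT_TERMS):
        found.append("generic IT term")
    return found
```

Each flag is a reason to look closer, not a verdict: legitimate mail can also come from outside the organization or link to a two-letter domain.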
Examples
All of these examples show the indicators of phishing as described above.
Example One:

Example Two:

Example Three:

What To Do If You Identify an Email as Phishing
Report an email as suspicious in your Outlook client by following the instructions in this article:
More information on phishing and malicious emails can be found in this article:
If you've clicked on a link or interacted in any way with the email, follow these steps:
- Change your password immediately.
- Contact the Service Desk at (509) 963-2001 for assistance in securing your account.