What is phishing and how to spot a potential phishing attack
Phishing attacks are social engineering attempts that try to get recipients either to install malicious software meant to steal private data or simply to provide information through what appears to be a normal, secure channel. Such attacks can incorporate phone calls, ‘spoofed’ e-mails, and/or fraudulent websites, all of which are designed to fool recipients into divulging personal data such as account usernames and passwords, Social Security numbers, credit card numbers, etc.
Spear phishing is targeted phishing, often aimed at executives and employees with access to confidential data. Be wary of any email which asks you to reply with account information or click on a link, especially if the message is written to sound urgent. Be suspicious of impersonation if you receive urgent requests for money from a colleague or friend, as well – confirm the legitimacy of such a request by a completely different communication method (if you receive an email requesting funds, call the supposed sender to verify).
Common things to consider when trying to identify a phish:
- Spelling mistakes and/or poor grammar. Typically professional mass communications will have an editor review before distribution. Cybercriminals do not always take that into consideration.
- Threats or a sense of urgency. A common tactic is to threaten the recipient with account closure if they do not act with haste. The best course of action is to contact the purported sender by legitimate means to verify the claims of the email (e.g. if the message appears to be from your bank, call their toll-free support hotline to validate account issues OR call your Helpdesk here at CGU).
- Hyperlinks. It is common to see a link in an email message; however, before you click the URL, be sure you’re aware of the actual destination. Mousing over the link will reveal the true destination. Another issue could be URL shorteners, which condense long URLs into shorter, manageable links and hide the real destination. Online services such as GetLinkInfo.com will help you expand and preview such links before clicking through to untrusted domains.
- Sender or Reply-to address(es). Look at the sender and reply-to information in the message headers. Be cognizant that these addresses can be spoofed and try to identify whether or not the address is actually from the supposed sending party. For example, we’ve seen phishing attacks that purport to be from the “Helpdesk” yet the address is not a cgu.edu email address. In fact, some messages may not even attempt to appear to come from the CGU edu domain. If those addresses are in no way related to the institution that’s supposedly sending the email, immediately question its validity.
- Spoofed logos. Cybercriminals know that if they include a logo or common graphic in the email, the recipient is more likely to trust the validity of the message. Be aware that images linked to the legitimate website/company can be spoofed and do not necessarily ensure communications originated from the purported sender.
- Attachments. It is not unusual to receive an attachment in an email. On the other hand, be wary of enticing file names or certain file types (e.g. .exe, .zip, .bat), especially when the sender is not trusted. Typically a malicious file has to be opened to install the malware. If you can safely save the file without opening it, it is possible to upload the file to sites such as VirusTotal.com in an attempt to determine if the file is recognized by Anti-Virus vendors. Keep in mind that the file could contain malicious content not yet identified by any of the Anti-Virus vendors, and this should not be the sole method for determining whether the file is “safe”.
- Email Headers. An email header is essentially the envelope of electronic mail. You can see the addresses used to route the message. Reviewing the full headers may help you identify whether or not the message legitimately came from the purported sender.