Recognizing Phishing Emails
Phishing: the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.
Social engineering attacks continue to be one of the biggest threats to computer security, and in our organization the majority of those attacks come in the form of phishing emails. For the most part our staff have done an outstanding job of recognizing and avoiding these attacks, but some of them have been so clever and well-engineered that they even gave us in the IT department pause. For example, one of the attacks was so well-engineered that if you responded to the email, which appeared to be from a legitimate source in the DHHR, an auto-reply was setup to respond to your email saying that it was ok and legitimate. To make matters worse, the staff that received the emails were expecting information from the very person that the email claimed to be from. Talk about a coincidence of timing.
I know what you’re asking yourself; if the attacks are this clever and well-engineered how are we supposed to recognize them and protect ourselves? Well, here are two tips to help you recognize and avoid a phishing email.
- The Links
All phishing emails are going to try to get you to click on a link to a website, and it’s almost always going to be in picture or button form. In outlook if you hover your mouse over the link without clicking on it a small window will appear showing you the web address of the link. If you look at this link closely you’ll be able to tell very easily if it’s legit or not. For example, let’s say you receive an email from the DHHR, and when you hover over the link the web address is dhhr.wv.ua. Do you see the problem with that link? The last two letters are ua, that’s the national domain suffix of the Ukraine.
- Logging In
If the link looks legit and you do click on it, the next thing the attacker is going to want you to do is login using some form of credentials. A big one right now is your Microsoft credentials. After clicking on the link, it will prompt you to login with your Microsoft credentials to see the content, and it will look just like the login page you’re used to. Once you do this, the attacker has your credentials and can then use them to log in to your actual Microsoft account, giving them full access to your account. So, the rule of thumb is, never log in to a site from an email link. If you think the email is legitimate, go to the website yourself and log in. You will then be able to access the information needed.