Phishing - Dinnington High School

Phishing Don’t get hooked!


Post on 10-Jul-2020


What is phishing?

• A “phishing email” or “phishing text” is an email/text that attempts to obtain sensitive information (e.g. passwords, bank card details) by pretending to come from a trustworthy source.

• The scammers “phish” for credentials by sending out these emails as bait, hence the name.


How does it work?

• Usually, scammers take a copy of a real communication from somewhere like a bank, a government agency, Microsoft, your organization’s IT department or some other trusted entity.

• They edit it so that links in it point to their website instead of the real one, and send it out.

• When a user clicks the link and enters their details, the scammers save the details for later use.


How does it work?

• Some phishing doesn’t impersonate a company, but simply says vague things such as:

• Your email address will be deleted unless you sign in here

• Here is your invoice for £20,000, click here to view (of course, you didn’t order anything!)

• In some cases, the aim is to infect computers with malware rather than harvest login details.


How to spot phishing bait

• Let’s look at some real phishing emails.

• The green points are reasons that someone might trust the email.

• The red points are reasons that they shouldn’t!


• Claims to be from IT

• Reasonably well-written

• Link goes to an unknown place.

• Comes from a random Gmail address, not from the actual University.


• Contains the name of a trusted entity

• Poor grammar and capitalization

• Demands immediate action with specific threats (email account closure).


• Has PayPal logo

• Looks the same as genuine PayPal emails

• Unprofessional writing style

• Demands immediate action with vague threats

• Does not come from “paypal.com”


• Mentions topical issue

• Why would someone with $12.4 million be emailing strangers to help them?

• If it looks too good to be true, it probably is.


• Well-written.

• Are you expecting an invoice?

• The email address doesn’t look professional, or from a known company.

• Invoices are sent as PDF files, not ZIP.


• Contains the name of a trusted entity

• Apple doesn’t send text messages like this

• Promises relief (found phone) out of nowhere

• Link does not go to an Apple website, but to “appleid-applemx.us”


Key indicators of phishing

• Requests that you click a link to “confirm your details”, or “sign in to do… XYZ”.

• Poor spelling, grammar or writing style.

• Threats – if you don’t do what the email says, bad things will apparently happen (it’s all lies!).


Key indicators of phishing

• Too-good-to-be-true offers, like an out-of-the-blue “inheritance”, or a foreign “prince” wanting to move hundreds of millions of dollars and offering you a cut.

• May use technical language to confuse you.

• Unexpected attachments.


Key indicators of phishing

• A big indicator is the email “From” address…

• Legitimate email will come from the company’s domain (i.e. the same as their website).

• Banks and businesses won’t be sending from “[email protected]” or “[email protected]”.


Key indicators of phishing

• Watch out – they get clever!

[email protected]

[email protected]

It is the last two sections that determine whether an email address or web address is genuine.
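The "last two sections" check, written out as an added example (it is not part of the original slides). The function names and the short suffix list are assumptions made for illustration, and the example goes one step beyond the slide: for endings such as "co.uk" it keeps the last three sections, because there the registered name is the third from the end.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed short list for illustration; an assumption of this example.
# A real checker would load the full Public Suffix List.
TWO_PART_SUFFIXES = {"co.uk", "org.uk", "ac.uk", "gov.uk"}


def host_of(value):
    """Pull the hostname out of a URL, a From header or a bare address."""
    if "://" in value:
        return (urlsplit(value).hostname or "").lower()
    address = parseaddr(value)[1]          # drops any display name
    return address.rpartition("@")[2].lower()


def registrable_domain(host):
    """Return the part of the hostname that was actually registered."""
    labels = host.lower().rstrip(".").split(".")
    # Usually the last two sections; three when the ending is like "co.uk".
    keep = 2
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_PART_SUFFIXES:
        keep = 3
    return ".".join(labels[-keep:])


def matches_expected(value, expected_domain):
    """True only when the sender or link belongs to the expected domain."""
    return registrable_domain(host_of(value)) == expected_domain.lower()


# Constructed samples, apart from the link domain quoted on the Apple slide.
SAMPLES = [
    ("PayPal <service@paypal.com>", "paypal.com"),
    ("PayPal <service@paypal.com.example.net>", "paypal.com"),
    ("https://www.paypal.com/signin", "paypal.com"),
    ("http://appleid-applemx.us", "apple.com"),
    ("accounts@mail.example.co.uk", "example.co.uk"),
]

if __name__ == "__main__":
    for value, expected in SAMPLES:
        verdict = "ok" if matches_expected(value, expected) else "MISMATCH"
        print(f"{verdict:8} {value} (expected {expected})")
```

A mismatch is the useful signal here. A matching "From" domain on its own does not prove an email is genuine, because the "From" line can be forged.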


If you remember nothing else…

• Legitimate companies will never ask for your passwords, PINs, or security details. If an email asks for these, it is a scam.

• No IT department will ever ask you for these either.


If you remember nothing else…

• If you get an email out of the blue asking you to do something to prevent vague “bad things” happening to your email account, bank account or anything else – it is almost certainly a scam.

• Look for phishing indicators. If you’re still worried it might be genuine, contact the company on a known-trusted phone number.