Phishing is the attempt to gain sensitive information through deceptive means via email. Malicious actors send emails posing to lure you into giving up secure information such as your password. Some attempts can be quite convincing with logos or disclaimers taken from legitimate websites. Before you click on any link inside an email, take a moment to consider its validity. There are several things you can look for to determine if a request is a phishing scam.
Common attributes of phishing messages:
The message may appear to come from a local source (e.g. UNT System) or local businesses (e.g. Wells Fargo Bank). The most frequently seen examples appear to be notices about email account suspension that require users to enter their user name and passwords into an online form to maintain access to their account.
The message may use legitimate looking corporate or organizational logos, idioms, disclaimers, or copyright information. It can appear to be amazon.com gift certificates, UPS or FedEX shipping notices, messages from the IRS, and fake fraud alerts from credit cards, PayPal, etc.
The messages will likely lead to content hosted on sites that are different from the apparent origin of the message. For example, a message appearing to be from the "UNT System Email Administrator" asking you to log into an account will link to a login form hosted on Google Docs.
The message may include current events to add an air of legitimacy and to play on the phishing target's emotions. Many of these targeted messages lead to fake charity or donation sites.
The message may include implausible business opportunities. For example fake lottery winner announcements, fake job placements, work visa lottery scams, and fake business opportunities.
The message requires that something be done immediately, such as "within the next 24 hours".
The message requests UNT System information from a site that's not affiliated with a UNT System institution.
The message contains a request for any type of sensitive information.
The message contains simple and recurring misspellings or grammatical errors.
The message contains URLs (links) in the message body that do not match what is shown in the email address or footer.
Detecting Malicious Links
When viewing an email with a link, you can hover your mouse pointer over the link (without clicking) to see a hover box showing where the link points – this is also known as the link’s URL. Once you have the link’s URL, you can break it down to figure out where it actually leads. As an example, the following is a breakdown of the ITSS Information Security team’s Phishing informational page, https://itss.untsystem.edu/security/phishing:
In many modern web browsers, such as Mozilla Firefox and Google Chrome, the URL of the current page is shown in the address bar with all parts but the domain grayed out. This can be useful to determine if the website you are visiting is the actual website it appears to be. If the non-gray domain in the URL does not match what the website claims to be, leave that website immediately.
If you receive an email with a link with a shortened URL, such as a bit.ly address, you can use one of many free URL unshorten tools available online (found by searching for “URL unshorten”), and then dissect the full, extended URL to determine if the link is legitimate.
Remember – if the domain of the link does not match what the email says it does, or if the domain is suspicious or unfamiliar, don’t click it! This is most likely a phishing attempt, and the link may be malicious!
Consequences of falling for a phishing attempt:
- Identity theft
- Misuse of email accounts – using the account to send out spam and participate in phishing campaigns
- Deletion of all email in someone's account and putting rules in place to delete incoming mail
- Compromised reputation of the UNT System and associated institutions – use of a compromised account affects our reputation as a legitimate mail sender
Things to keep in mind when dealing with a potential phishing scam:
- Never click on a suspicious link as it could lead to a malicious site
- If the e-mail is supposedly from a financial institution or government agency contact them through other means to confirm the e-mail's legitimacy
- Never make personal or financial information publicly available
- Our staff will never ask you for your password under any circumstances
If you have doubts about an email sent to you, or believe you may have unintentionally divulged sensitive information, contact your computer support personnel or email firstname.lastname@example.org.
Below are two examples of actual phishing attempts received in the UNT System.