Comment 8: Beware Pirates Dressed in Email’s Clothing
Phishing continues to be a major problem for people and companies. An article from Cybernews highlights a recent study that finds up to forty percent of received emails are from criminals attempting to trick you. While you and your colleagues may mostly complain about the amount of spam in your inboxes, that annoyance is nothing compared to the real damage of falling for a phishing attack. Thanks to the pandemic and its push to further digitize our work and personal lives, overall cybercrime has increased up to 600%.
But wait! You don’t need to nuke your email account. Luckily, built in security features block eighty percent of phishing attempts from reaching your inbox. Let’s consider what that means in a hypothetical case where you receive 100 emails a day:
Total Emails Received | Potentially Malicious
(40%) |
Potentially Malicious
Emails Blocked (80%) |
The Problem |
100 | 40 | 32 | 8 |
If everything works roughly as it should, there are eight chances every day to accidentally expose our personal/financial information or compromise our computers/networks. To be more cognizant of this danger, we will briefly define what phishing is and look at some simple strategies to help keep you and your institutions safe.
What is Phishing?
The Computer Security Resource Center, a division of the National Institute of Standards and Technology under the U.S. Department of Commerce, provides several definitions for phishing from very broad and accessible to highly specific terms of art. For our purposes we will define phishing as: Tricking individuals into disclosing sensitive personal information by claiming to be a trustworthy entity in an electronic communication. If technology tends to make you a bit anxious, think of this like a scene from a movie where a somebody flashes a fake badge at a motorist and commandeers their car…and probably their wallet.
What does it look like?
Below is an email that recently came into the library that bears all the signs of a phishing scam.
Prior to examining the six things I found suspect in this email, I want to mention the subject line. One of the go-to tools for scammers is to create a sense of urgency in their victim. This is not something that occurs just in phishing emails, there is an aspect of this in every scam. In this case the scammer is attempting to induce a panic in the fact that my password is about to expire. Whenever I see anything that is trying to engage me emotionally rather than intellectually (unless its a Hallmark movie) I immediately become suspect; however, gut feelings are not evidence. Let’s consider the email (note. Never click a link in an email from somebody you don’t know. I check links by hovering over it with the mouse pointer or by copying it and pasting it into a simple text editor):
1.Outlook came right out and tells me who sent this email (noreply@service.com) and that they are not part of my organization. Why is an account outside my networking warning me that my in-network password is about to expire?
2.The sender information here suggests a simple name spoof. While it says this email is from “Support law.csu.ohio.edu,” I can once again see that this is really from a service.com email. It is easy to fake some identifying information in an email, but others are more difficult. This is a huge red flag.
3.If an IT administrator is contacting you about issues with your account, it is very unlikely that they will address you by your username rather than your actual name. It’s not impossible, however, so this is less a red flag and more a concern.
4.Both the “Keep Current Password” and the link above it for my account that is about to expire are not doing what they should. (Again! Don’t click on links in email you don’t trust!) If I were to click on my address in the second line of the email, it would use a function called mailto: which tells my email client to open a new mail that would be sent to somebody @glennbio.com. This is a whole new domain added into the mix. There is no website for this domain, but some simple sleuthing let me discover that it was first registered in August of 2021 to somebody using a fake name at a probably false address on Jalan Sultan street in Kuala Lumpur. Clicking the “Keep Current Password” button would send me to a site that attempts to inject malware, or malicious code, onto my computer.
5.Were I to follow this link to “see my email activity” I would end up at the same site as the button above. Also, just as a common sense thing, why am I going to click a link to see me email activity when I am in my email client, which shows me all my email activity.
6.I’m honestly unsure where this link goes or what it is trying to do, but I do know that is has nothing to do with the law.csuohio.edu domain.
What do I do if I suspect phishing?
1.Take a second to think. Like I said, scams try to create a sense of urgency.
2.Don’t click on anything in the email!
3.Delete it, block it, or, if possible, report it. Most email clients will giver you the option to report attempted phishing. Doing so helps them better understand the problem and help keep them able to block the majority of attempts. The email service at CSU makes it as easy as clicking ‘junk’ toward the top of the screen and selecting ‘phishing’.
4.What if I am dubious of this email but I am still worried about my account. The best thing to do here is contact the person/institution that the phisher is claiming to be and find out what is going on. One caveat though, contact them through a source that is not in the suspected email. In this case I’d use the university website or my address book. This is also true if you feel that you are being scammed on a phone call. Say you get a voicemail from your bank about something but something seems off. Don’t call the number they give you, instead call one you independently verified.
Thanks for making to the end of the first Comment 8!