Spotting a scam: how to identify phishing emails

Despite how much we think we know about it, many of us still fall victim to phishing scams.

Phishing is a form of fraud where criminals pose as a known associate or a legitimate organization in an attempt to access personal details such as login credentials or account information, which can be used to steal money, data and even people’s identity.

Though phishing attacks can be carried out via phone calls or text messages, the most common form is email.

Fraudsters try to lure recipients into performing an action such as clicking on a link or opening an attachment in a received email.

See the real-life examples below for signs that an email might be a phishing scam.

1.      Odd or unfamiliar email addresses

Cyber scammers are banking on the fact that most people will open a message sent from a name or organization they know, so take a moment to check the email address first.

2.      Message creates a sense of urgency

Email messages urging you to take immediate action should be handled cautiously, especially if the request appears out of place or does not follow normal operating procedures. Cyber criminals know that most of us give priority to an urgent email request from our boss or senior management.

3.      Grammatical mistakes

Spellcheck and translation apps have made it easier for cyber criminals to write convincing emails. They may have all the right words but not necessarily the proper context; grammar mistakes are often a tell-tale sign of a scam email.

4.      Requests to update or validate information

The major goal of a phishing email is to obtain sensitive information. Cybercriminals like posing as reputable institutions and asking you to update or verify information such as your password, banking details or credit card number. These types of changes must first be initiated by you, not the other way around.

5.      Email contains suspicious attachments or links

Though phishing emails come in many guises, they all contain a payload: a computer virus that executes a malicious activity.

This will be in the form of either an infected attachment or a link to a bogus website that asks you to enter your login credentials or other sensitive information. Any email attachments or links sent to you without prior request or discussion should be treated with caution.

The attachment may appear harmless but when opened, it unleashes malware on your computer. If you receive a pop-up warning about the file’s legitimacy or if the application asks you to make adjustments to your settings, don’t open the attachment. Instead, contact the sender through an alternative means and ask them to verify it is legitimate.

Tip: Train yourself to hover your mouse over links to see where a link leads before clicking. If you are on a mobile device, hold down on the link and a pop-up will appear showing where the link leads.

And never reply to a phishing email - it alerts the sender that your email address is active and this can encourage the sender to continuously send you phishing emails.

If you receive a suspicious email, or have questions, contact the ITSS helpdesk by email helpdesk@smu.ca or phone: 902-496-8111 for assistance.

—Submitted by Dele Ogundele, IT Security Specialist