Versions Compared

Old Version 6

changes.mady.by.user Andrew Mcdonald

Saved on

compared with

New Version Current

changes.mady.by.user Aeoleon Bryant

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

How to Determine if an Email is Phishing

Phishing emails are designed to look like they are coming from a reputable source and delivering valuable information, but they direct you to a dummy site that is run by scammers., designed to steal your personal information or email password.

There has been a recent rash of scam or phishing emails that appear to be coming from widely used IT services, like Dropbox. Though these emails use logos and branding that make them seem legitimate, they are scams intended to steal email login or other personal information. It is important to always be vigilant when reading emails (at work and at home), and to investigate anything that seems suspicious or unexpected before opening it or clicking on any attachments.

Here are some general clues that an email may be phishing:

...

Does it address you personally? Spam emails often do not refer to the recipient. They only refer to them by email address only.

...

Is the tone urgent and the information incomplete? Since the goal of phishing is to get you to click on a link without thinking, messages are often short with few details, but contain attachments that seem too important to ignore.

...

Phishing emails are deceptive messages that appear to come from reputable sources, aiming to steal personal information or credentials. These emails may seem legitimate by using familiar logos and branding but are actually fraudulent. Being vigilant about recognizing and avoiding phishing attempts is crucial for protecting your personal and professional information. This guide outlines steps to help you identify phishing emails effectively.

Steps to Determine if an Email is Phishing

1. Check Personalization

  • Look for Personal Addressing: Phishing emails often lack personal details, addressing you by email address or a generic term like "Customer" instead of your name.

  • Verify Known Contacts: If the email claims to be from someone you know but doesn't address you personally, be cautious.

2. Analyze the Tone and Content

  • Urgency and Incomplete Information: Phishing emails typically have a sense of urgency, prompting quick action with minimal details.

  • Unexpected Attachments: Be wary of attachments that claim to be important documents, especially if you weren’t expecting them.

3. Inspect the Sender’s Email Address

  • Look for Irregularities: Check the sender’s email address carefully. It may contain the name of a legitimate company but with additional or misspelled information (e.g., info@drop-boxing-authorized.com).

  • Where do the links or buttons lead? Hover, but do not click on any buttons or links within the message to ascertain that they will direct you to a legitimate website. Often, as in the case above, they will direct you to a site that looks legitimate, but has a URL that is too long or contains extraneous information designed to confuse the reader.

  • Does it Domain Mismatch: Legitimate companies usually have consistent domain names (e.g., @company.com). Be cautious if the domain looks off.

4. Verify Links and Buttons

  • Hover Over Links: Without clicking, hover over links or buttons to see where they lead. Phishing links often direct to fake websites with unusual or long URLs.

  • Check for HTTPS: Ensure the URL starts with "https://" indicating a secure connection, although this alone is not foolproof.

5. Identify Requests for Sensitive Information

  • Be Skeptical of Login Requests: Reputable companies will never ask you to enter your email username and password to access the link or attachment? No reputable company would ask you to login with this information.

If you receive an email that you suspect may be a scam or phishing, do not open it. Instead, please forward it to the IT department so that we can investigate and report back to you.  Instructions for how to report spam or phishing emails can be found here in our Knowledge Base.

...

  • or password through an email link.

  • Verify via Official Channels: If in doubt, contact the company directly using official contact details, not those provided in the email.

6. Take Action if You Suspect Phishing

  • Do Not Open Suspicious Emails: Avoid opening any emails that seem dubious or unexpected.

  • Forward to IT Department: Send suspected phishing emails to your IT department for further investigation.

  • Report the Email: Follow the instructions in your organization's Knowledge Base to report phishing attempts.

Additional Information

For more information on phishing and how to protect yourself, consider exploring the following resources: