» Technology Home «
E-mail Phishing Attacks
What is Phishing?
Phishing is the term given to communications, usually email, where the attacker tries to fool the target into revealing private information about themselves or their organization. Often claiming to be IT Solutions, the attacker will usually include hyperlinks to malicious websites in the email that appear to be legitimate or include malicious attachments. Simply visiting the URL or downloading the attachment can be enough to compromise your machine.
How does Phishing affect me?
If your account is compromised, attackers will often start sending out more phishing emails from your account. This could damage your reputation and decrease the trust others place in your future emails.
Additionally, attackers may be able to compromise any other accounts attributed to that email address. this could include bank accounts, social networking accounts, file back up, remote connection to your computer, and so on.
How can I tell if it's phishing?
Attackers will often use a sense of urgency in their messages. For example:
- "Your account will be disabled unless you act now!!!"
- "Please update your account information or your account will be terminated"
- "Your mailbox storage has exceeded the quota"
- Often, they will include a link or attachment. these will usually, although not always, require some action on our part, such as clicking or downloading, to be successful.
- Spelling and grammatical errors are very common among phishing communications. Many of the attacks originate from overseas or from people who don't speak English as their first language. Although this is not always the case, treat emails with excessive grammatical errors with extra scrutiny.
How can I protect myself from this?
DON'T CLICK ON LINKS!
When you receive an email about your account, instead of clicking on the link, open your browser and manually type in the site address. Because you are going to the site yourself, you can be more confident that you are going to the right place. A bank or other financial institution should never be sending you emails with links in them.
Seriously, Don't Click On the Links
Although a link in an email may appear to be leading you to a legitimate site, for example http://www.rctc.edu. It may in fact be leading you to a compromised or malicious site like http://compromised.website.com/rctc/edu. Attackers will make a link into a hyperlink that appears legitimate when you read it, while it instead opens a different address. It is important to be aware of what website you are on in your browser.
Take a Minute to Verify
If you receive an email about your bank account being compromised, take the time to call your bank. If in fact your account is compromised, you will be able to get addiotional assistance over the phone. It is important to use the phone number found on your bankcard and not a phone number included in the email.
Trust Your Spam Filters
Modern spam filters are able to block messages based on trends. For example, if 10,000 Gmail accounts received the same email from the same address wtih the same link to reset your password, then Google's spam filters are more likely to send that email directly to the spam folder.
How to report Phishing emails to Microsoft:
In outlook Office 365 (Accessing email through a web browser)
** Student and Staff/Faculty off campus
Click on the phishing scam message, click the down arrow next to Junk, and then click Phishing on the toolbar. Office 365 does not block the sender because senders of phishing scam messages typically impersonate legitimate senders. If you prefer, add the sender to your blocked senders.
How to report phishing emails from the Outlook client, (ie. icon on desktop/Outlook Application on Office computer) **Staff/Faculty only
Right click on message, click on Junk, click on Report as Phishing, then click Report
**Mac users will have to use Office 365 (ie. web browser) to report phishing emails