Phishing is designed to lure you into clicking on a malicious link or giving up personal information. The creator of these types of emails can disguise the address of the sender to make it look like the email is coming from a reliable source, use information from your social media accounts to make it more personalized, and choose a subject line for the email based on current events, or something that applies specifically to you. The goal for the attacker is to make these emails look as convincing as possible so the reader will click on any attached links without hesitation.
RIT receives many phishing emails each day – you need to be able to recognize them. The days of being able to determine easily when an email is a scam are over. You need to read, analyze, and understand the details of a message to determine if the email is legitimate. Here are some tips and advice for detecting whether or not an email sent to you is a phish:
- Spelling Errors
If an email appears to come from your bank, school, or employer and contains spelling or grammar errors, there is a good chance it’s a phish. Companies will proof read their messages to make sure there are no typos.
- Types of Information Requested
RIT will never ask for personal information or credentials, such as account usernames and passwords, university IDs, or credit cards and social security numbers. If you see a message from your bank or school that is asking for information and you are still unsure if it is a phish, call the bank or school first to verify that they actually requested this information.
- Source Name and Address
The sender of the email should have a recognizable name. Make sure you read the whole address of the sender, including what’s on BOTH sides of the @ symbol. Sometimes the attacker will use keywords like “rit.edu” in their address, but that may just be part of the long address that includes a link to a malicious site.
- Hover Before Clicking
Hover your mouse over the link to view the whole address. If the address looks unfamiliar or “weird”, do not click on it.
Good to click: https://www.rit.edu/fa/sfs/informationforstudents Note the header of the address reads "rit.edu", meaning that the address will lead to a site with RIT as the source.
Bad to click: http://www.xwitchh.net/rit/myinfo/eservices Note the header of the address reads "xwitchh.net", which clearly does not correlate to RIT. Do not be fooled by what follows after the main header.
- Too Good to be True
If there is an offer within the email that seems too good to be true, it is most likely a phishing attempt. A common example is being randomly selected to win a free cruise or winning a free iPad or Xbox. Most people today understand that the message is a scam and that they should immediately delete the email. Most importantly, do not click on any attached links included in a suspicious scam email. The link could redirect you to a malicious website where your data or account gets compromised.
- Urgent and Threatening
It’s also important to read the tone of an email that you have received. One warning sign of a phishing email is if the content asks you to do something in an urgent manner, like “reset your password immediately here.” If the email is harsh or threatening, it’s better to contact the alleged sender directly to confirm whether the email is a phish or not rather than comply with the directions in the email. (An example is an email that looks like it is from your bank asking you to submit a form with your account number within the next two days or your account will be compromised. Call the bank first to confirm if the email directions are legitimate.)
Sent: Monday, November 7, 2016 10:21 AM
Subject: Network Services Update
The new design for our network services such as email and internet has been installed, please proceed to active its usage on your system using the link below.
Here you see an example of a phishing email. How do we know it’s a phish?
- Vague Greeting – At a company or office or school, the sender would address you by name, not staff.
- The Link – If this was sent by your IT Department, then it would probably have a link with your company’s address somewhere listed in the domain. Instead, the link directs to “xwitchh.fr”. It does not appear reliable or familiar for reasons such as it doesn’t have a proper domain extension (.com, .edu) and doesn’t correlate to any business or any website used for network services.
What do you do if you believe the email is a phishing attempt?
If you happen to fall for a phishing attack and give out information or click on a link please follow these steps:
- Immediately delete the email
- Change your password
- Scan your system for viruses and spyware
- Report the situation to your Service Desk as soon as possible
To report a phishing attack, please send an email containing the suspected phishing attempt to email@example.com.
- Attach the phish by composing an email and inserting the phishing attack email by dragging it into the new email windows and then send.
- Delete the phishing email after forwarding it