It has been a while since Computing Services sent a reminder regarding phishing and scam emails. Phishing emails are malicious emails where the attacker will pose as a legitimate organization to attempt to trick you into clicking on malicious links, download attachments, and could possibly lead to disclosing your personal information.
Following are the steps to distinguish phishing from regular emails:
Don’t trust the display name
A favorite phishing tactic among cybercriminals is to spoof the display name of an email. Experts have found that nearly half of all email threats spoofed the brand in the display name. The bottom line is don’t trust the display name. Check the email address in the header from—if looks suspicious, don’t open the email.
Look but don’t click
Hover your mouse over any links embedded in the body of the email. If the link address looks weird, don’t click on it. If you want to test the link, open a new browser window and type in website address directly rather than clicking on the link from unsolicited emails.
Check for spelling mistakes
Brands are pretty serious about email. Legitimate messages usually do not have major spelling mistakes or poor grammar. Read your emails carefully and report anything that seems suspicious.
Analyze the salutation
Is the email addressed to a vague “Valued Customer?” If so, watch out—legitimate businesses will often use a personal salutation with your first and last name.
Don’t give out personal information
Legitimate banks and most other companies will never ask for personal credentials via email.
Beware of urgent or threatening language in the subject line
Invoking a sense of urgency or fear is a common phishing tactic. Beware of subject lines that claim your “account has been suspended” or your account had an “unauthorized login attempt.”
Review the signature
Lack of details about the signer or how you can contact a company strongly suggests a phish. Legitimate businesses always provide contact details.
Don’t click on attachments
Including malicious attachments that contain viruses and malware is a common phishing tactic. Malware can damage files on your computer, steal your passwords or spy on you without your knowledge. Don’t open any email attachments you weren’t expecting.
Don’t trust the header from email address
Fraudsters not only spoof brands in the display name, but also spoof brands in the header from email address.
Don’t believe everything you see
Phishers are extremely good at what they do. Just because an email has convincing brand logos, language, and a seemingly valid email address, does not mean that it’s legitimate. Be skeptical when it comes to your email messages—if it looks even remotely suspicious, don’t open it.
If you have replied to phishing emails, and have sent money, please report this fraud to the ASU Police Department at (719)587-7901.
Final reminder, Computing Services will never ask for your username and password via email.
If you have additional questions contact us at:
Computing Services