Forms of phishing

Most phishing attempts will be a variation of these three general forms:

• A cold call attempt: when the ‘phisher’ is not acting as though they know you and is either asking for help or making you an offer
• Pretending to be from a company or an organization. These are emails designed to look like official emails and often they can use a similar address to that of the company’s email address
• Pretending to be from someone you know. This can also use a similar address or even friends email addresses that got hacked. Be aware that it is actually quite easy to impersonate another email address.

Phishing attempts can be very targeted and seem to be very personal. They can use your name and even go as far a referencing people or things you know. The most important thing to keep in mind is that if the email talks or inquires about any form of personal information this should raise an immediate red flag. This applies to every email from people or companies you know. Nowadays most major companies will never ask for sensitive information via email. This information can be:

• Personal information
• Passwords
• Username
• Phone number
• Credit card numbers

The same applies to emails that ask you to do something

• Asking you to follow a Link
• Asking you to contact them back
• Download or save an attachments

Until you have verified the authenticity of the email don’t click on any links or download any attachments

Verifying the authenticity of emails

There is unfortunately no one, direct way to detect if an email is a phishing attempt. However there are a few things to keep in mind that can minimize the risk of your personal information falling into the wrong hands.

1. Don’t trust the name displayed and always check the email address that sent it.
   • Phishing Attempts most often use fake email addresses. These can be similar addresses to the original addresses. For example faking the name of Banks is very common. In doubt never hesitate to call the person who supposedly sent the email.
2. Analyze the writing style of the email
   • Check for spelling and grammar mistakes. These should be seen as highly suspicious if the mail is supposedly from the company
   • Check the emails signature, lack of details can reveal whether the sender is authentic or not
   • Do they address you with your name and proper title ? If it seems vague or unnatural the email might not be authentic
3. Never follow links if they ask for personal information or want you to log in to an online account. Instead go directly to the company websites through your internet browser.
   • Don’t click on any links in the email but instead hover your mouse over them to display the actual link URL. This should show you whether the link is going to the actual companies website or to a third party website. These websites might imitate the actual company websites in a very similar manner. That is why checking the URL address is important.
   • Be careful! Phishing emails commonly insert real links in their emails as well as their fake links to try and throw people off.
4. Don’t trust Urgent messages or messages that seem to rush you. This is a common technique often used for phishing
5.  If in doubt, contact the ITS Helpdesk.