Don’t be Phishing Bait

May 17, 2019

Hi, my name is Shaina Silverman. I’m a second-year law student working with Dwight this summer. I want to warn you about phishing.

Most of us have been annoyed by phishing emails. But when I received one that appeared to come from my law school, it became obvious that these phishers are becoming more dangerous; if phishers can craft emails that appear to come from trusted sources, they can pose a real threat to those who aren’t careful.

You must practice vigilance in recognizing the threat and protecting yourself from phishers. Many of these emails contain a link to download or open a document, or may even have a document attached. The links in these emails may prompt you to verify or re-enter your password to open the document. DO NOT click on the link, open the attachment, or open anything. Do not engage with the sender either. Delete the email and disregard it. If you recognize the sender and are unsure of the legitimacy of the message, CALL them to verify before opening.

When replying to emails, do not rely on the display name of the sender, and always look at the full email address and domain. Always be diligent and cautious, even with emails that look familiar to you. Emails that appear to come from people you know can be spoofed and look authentic.

Below are additional things to look for if you suspect an email is not legitimate:

Don’t trust the display name
A favorite phishing tactic among cybercriminals is to spoof the display name of an email. This fraudulent email, once delivered, appears legitimate because most user inboxes only present the display name. Don’t trust the display name. Check the email address in the header to verify the domain, and examine the email headers for authenticity. If it looks suspicious, don’t open the email. Even if you are not sure, err on the side of caution.
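The header check described in this tip can also be automated. The following is an added example, not part of the original post: it compares the display name, the real From domain, the Reply-To domain and the Authentication-Results verdicts. The sample messages, domains, function names and trusted-domain list are all constructed for illustration, and the Authentication-Results header is assumed to have been added by your own receiving mail server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages; every name, address and domain is made up.
SPOOFED = (
    "Authentication-Results: mx.lawschool.example; spf=fail; dkim=none; dmarc=fail\n"
    'From: "Registrar, lawschool.example" <notice@mailer.example.org>\n'
    "Reply-To: registrar.help@freemail.example.com\n"
    "Subject: Account suspended - verify your password\n"
    "\n"
    "Please open the attached document.\n"
)
GENUINE = (
    "Authentication-Results: mx.lawschool.example; spf=pass; dkim=pass; dmarc=pass\n"
    'From: "Registrar" <registrar@lawschool.example>\n'
    "Subject: Fall schedule\n"
    "\n"
    "See you in August.\n"
)
# Matches a domain-like token, skipping the local part of any address before it.
DOMAIN_IN_TEXT = re.compile(r"(?:[\w.+-]+@)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)")

def domain_of(address):
    """Lower-cased domain part of an address, or '' if there is none."""
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""

def check_sender(raw, trusted_domains):
    """Return a list of (code, detail) warning signs for one raw message."""
    msg = message_from_string(raw)
    display, address = parseaddr(msg.get("From", ""))
    from_domain = domain_of(address)
    findings = []
    if from_domain not in trusted_domains:
        findings.append(("untrusted_from_domain", from_domain))
    # A display name that names a domain other than the real sending domain.
    for claimed in DOMAIN_IN_TEXT.findall(display.lower()):
        if claimed != from_domain:
            findings.append(("display_name_mismatch", claimed))
    # Replies that would go to a different domain than the visible sender.
    reply_domain = domain_of(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_domain and reply_domain != from_domain:
        findings.append(("reply_to_mismatch", reply_domain))
    # Verdicts are only meaningful when your own receiving server wrote them.
    for header in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header):
            if result != "pass":
                findings.append((f"{method}_{result}", header.split(";")[0]))
    return findings
```

An empty list means none of these specific signs were found, not that the message is safe; the other tips on this page still apply.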

Check for spelling mistakes
Legitimate messages rarely have major spelling mistakes or poor grammar.

Analyze the salutation
Is the email addressed to a vague “Valued Customer?” If so, watch out—legitimate businesses will often use a personal salutation with your first and last name.

Don’t give up personal information
Legitimate banks and most other companies will never ask for personal credentials via email. Don’t give them up.

Beware of urgent or threatening language in the Subject line
Invoking a sense of urgency or fear is a common phishing tactic. Beware of subject lines that claim your “account has been suspended” or your account had an “unauthorized login attempt.”

Review the signature
Lack of details about the signer or how you can contact a company strongly suggests a phish. Legitimate businesses always provide contact details. If the email seems suspicious, even if it appears to come from someone internal, check the coloring of the signature block and the logos. If they look off, this is a sign that it’s not legitimate.

Don’t click on attachments
Malicious attachments that contain viruses and malware are a common phishing tactic. Malware can damage files on your computer or steal passwords without your knowledge. Don’t open any email attachments you weren’t expecting. Always confirm with the sender directly before opening.