sections |
Email phishing messages are emails that attempt to convince a user to either give up valuable information or open malicious attachments. Here are 4 tips to help spot a phishing message. 1. Hover over links – Hover your mouse pointer over any links included in a suspicious email. If you are checking your email from a web browser, hover over the link and look in the lower portion on of the window to see the web address for the link (Safari users may need to choose Show Status Bar from the View menu). If the Web address is not familiar or seems to have no association with the sender of the message, you may have a phishing link on your hands. Hover over these links to see the difference: DIIS Information Security Office vs. DIIS Information Security Office (the latter uses a fake Web address that doesn't go to a real Web page). If you are using an email client such as Microsoft Outlook, a pop-up box will appear showing the web address for the link. 2. Use caution with email attachments – If you receive an email that contains an attachment from an unknown sender, be wary of opening it. Attachments can contain malware that may infect your computer. If you recognize the sender, but are still questioning its legitimacy, call the sender and ask them if they really did send it. 3. Examine the From: field – This field can easily be forged to look like it was sent from another user. Look for: incorrect capitalization or minor misspellings in a person’s or department’s name. If a name looks correct, but you are still unsure if it is legitimate, call the department or person who sent the message to confirm it is real. You can also ask the DIIS Service Desk for their advice. 4. Look for typos in the message body – The message body may have multiple spelling and grammatical errors. Also, the look and feel may be "off" from legitimate communications you have received in the past. Well-crafted phishing messages can be hard to detect, so use a combination of all four tips to help you make a decision. If you are ever concerned that you may have accidentally opened or interacted with a phishing message, the first and best step is to change your Netpass password. Follow that up with a call to the Service Desk (x 4-1000). They can help analyze the message and request additional support from the Security Office, if needed. If you want to learn more about phishing message, head on over to our “Phishing Examples” webpage. We break down the anatomy of two phishing messages. Information Security Office |
© Copyright Ithaca College. All rights reserved; unauthorized use prohibited. All material on this server is produced by our community but, except for designated pages, is neither approved nor verified by Ithaca College.
