IT Security Analyst, Jason Close is back with more information on Phishing.
Today, I will be covering the second half of the two-part series on phishing that was started a few months ago.
To recognize phishing emails, it greatly helps to understand what the scammers want: your personally identifiable information, your account credentials, and/or your financial information.
Scammers may use your personal information in an attack on another target. They may impersonate you, utilizing information gleaned from your profile(s) in order to create a system of trust with the recipient(s). This could be through other emails, over the phone, or in person. They may also utilize your stolen credentials in order to gain access to other systems, or to send out more phishing emails to others inside your organization. Lastly, they may use your financial information to make purchases, which could create thousands of dollars in liability, or cause your credit score to go down.
That means the scammers are trying to get a few specific pieces of data from you: your email address, your name, your address, your online banking or credit card credentials, and your email credentials. Any email that requests this information from you, or any email that points you towards a website that requests this information from you, should be treated with suspicion.
When looking at emails, the first task is to look at who the email is from. Is it from a trusted source? If not, it should immediately be treated with suspicion. Next, we should look at exactly what the email is asking you to do. If the email is asking you to verify your credentials, or if the credential verification is combined with some sort of repercussion or vague threat (such as shutting down your account), the email is more than likely a phishing email. At OU, and at most organizations and companies, you will never be asked to verify your credentials in this manner.
Here is an actual phishing email that was sent to users here at the University of Oklahoma.
As you can see, this email should set off many concerning alerts. The most obvious thing to note is that it looks unprofessional. The ‘Ou.edu’ notation is not something that the University of Oklahoma would utilize in their marketing/notification emails. Next, you will notice that the email is asking the user to verify their email credentials by clicking a link, with a threat of an account suspension as the motive.
The next thing to look at is the content of the destination page once the link is clicked. Below is the landing page of a phishing email actually received here at the University of Oklahoma.
There are several things to notice here. Did you see them?
The first thing someone should always check is the URL. Does it make sense? In this instance, the URL is a weebly.com subdomain. This should set off an alarm in your head. If you didn’t see the URL, there is also a footer at the bottom of the page that confirms that a weebly.com site is being utilized. The University of Oklahoma would not be utilizing a weebly.com site for sites that are tied into its infrastructure. To instill confidence in its users, the site should’ve been tied to either an ou.edu domain, or at least be tied to a reputable site or service, such as Microsoft.
There are a few other things on that page that should tip off an aware user. Would a university site asking for credentials have links that say ‘WEDDINGS’ or ‘PORTRAITS’ or ‘JOURNAL’? No. This is an obvious template that was slightly modified without much thought before it was posted to weebly.com. It is also interesting that the page asks for the user’s full name, considering that is never a requirement when signing into an account. A password verification (RETYPE PASSWORD) is also interesting, as that is not usually required when simply logging in to a site. Both of these factors should raise alarms regarding the authenticity of the site.
As you can see, there are often very obvious giveaways for recognizing a phishing email. But it means that you as the user must pay astute attention to the content of your emails, as well as the destination sites linked to by those emails. Often, our brains tend to go on autopilot throughout the day, and we don’t keep our eyes peeled for threats and exploits. But they are around us everywhere. Looking at the first email for an extra 3-5 seconds would have provided us with enough details in order to trip off the threat sensors in our brain. The same goes for the phishing landing page. The difficulty is in breaking out of the cycle of blindly trusting the emails and the websites we visit throughout the day.
Just a little bit of attention and care can help to protect your credentials, your personal information, your financial information, and the institutions you represent.