General

A Field Guide for Phish Identification

April 21, 2022 /

So just how do you recognize a phish? Let me list a few things you can watch for in any kind of communication:

  • In the from field of an email –
    • An address from someone you don’t normally communicate with, especially if it doesn’t match the organization that is supposed to be sending the message.
    • The message is from outside and doesn’t relate to your job responsibilities.
    • The message is from inside, but is unusual or seems out of character. Dr. Emberton will never ask you to buy gift cards…
    • The from address is misspelled.
  • In the to field of an email –
    • You are cc’d, but you don’t recognize any of the other people the message was sent to.
    • The message is sent to an unusual mix of people (last names all starting with the same letter, unrelated departments, etc.)
  • Date and subject of an email –
    • The message was sent at an unusual time outside of business hours, like 3:00 a.m.
    • The subject line is irrelevant or doesn’t match the content of the message.
    • The message purports to be a reply to something you never requested or sent.
  • Content, attachments, and hyperlinks in a message –
    • The message has an attachment that is a .exe, .ps, or .html file.
    • The sender would not normally be sending attachments to you.
    • Hovering over a hyperlink in the message shows a tooltip with the address for a DIFFERENT web site than what the link is supposed to lead to.
    • The link address is a misspelling of the site it is supposed to go to.
    • The link is the only thing in the content of the email.
    • The sender is asking you to click on a link to avoid some negative consequence or to gain something of value.
    • The message has grammatical and/or spelling errors.
  • Lastly, if you simply have an uncomfortable gut feeling about the message, please don’t hesitate to verify the contents before acting on them.

What should you do about phishing? Verify before clicking anything. If the message is supposed to be coming from someone else at Huntington University, contact their office and find out if it’s the real thing. Forward the message to helpdesk@huntington.edu, and we will be glad to help you with this! Reporting it will also help us let others know that a scam is being propagated. Then, delete the message.

As I’ve said many times, you are our best line of defense against this sort of thing. Thank you for your vigilance! I would also like to thank some of the organizations that helpfully provided some of the information I’ve given you. Thanks to our nation’s FBI for compiling crime statistics and providing helpful information at Spoofing and Phishing — FBI. The Federal trade commission also has helpful information at How To Recognize and Avoid Phishing Scams | Consumer Information (ftc.gov). Thanks to Sophos (the security vendor we use) at Sophos.com , and thanks to other security companies out on the web like Ironscales (The IRONSCALES State of Cybersecurity Report) who provided more statistics on phishing, and Knowbe4 who has an excellent site if you want to know more about phishing at Phishing | What Is Phishing?

 

Posted By: Bob Landon - IT Services