How To Identify a Phishing Attack

Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames,passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

The phisher's often use popular social sites and banks or auction sites as their origin. Some examples are Facebook, Yahoo, Paypal and Ebay.

Here's a quick list of things that you should check before responding:

  • Do I know or can I verify who sent me this email?

  • Do I have an account with this organization?

  • Does the email contain misspelled words or bad grammar?

  • Does the URL match the one of the companies site you know and use?

  • Are they asking for personal information such as Social Security Number, Date of Birth, Usernames and Passwords?

Neither TAMU or TAMUG IS will EVER ask you for a user name and password via email.  NEVER give your user name and passwords to ANYONE else via any method, phone or email.

Examples of fake links in emails:

When you check a link within an email you can just put your mouse over it and you should see the actual web address that the link goes to. Often what is written isn't where the underlying link takes you.

Look at the following link:

www.tamug.edu

I am sure you know this site, but now put your mouse over the link without clicking it. Look at the bottom bar of your browser. You can see clicking on this link isn't going to take you to www.tamug.edu.

You can use this technique in any suspicious emails to see if the links really go to where they are supposed to.

Also be wary of fake websites that look almost identical to the real website. If in doubt, Google the company name and see if the Google results show the same website address.

Examples of phishing emails to hit TAMUG:

Example 1 - Email Account Information
Reply to Email Address: helpdesk@8u8.com   -- Do you know this sender @8u8.com?
Dear Account User,  --Not addressed to an actual person
 
This Email is from webmail user Customer Care and we are sending it to every webmail User Accounts Owner for safety. We are having  -- Bad Grammar

congestions due to the anonymous registration of accounts so we are shutting down some accounts and your account was among those to be deleted. We are sending you this email to you so that you can verify and let us -- Bad Grammar

know if you still want to use this account. If you are still interestedplease confirm your account by filling the space below.  Your User name, password and your country information would be needed to --Country Information?
verify your account.

Due to the congestion in all webmail users and removal of all unused --Bad Grammar
Accounts, Webmail would be shutting down all unused Accounts,

You will have to confirm your E-mail by filling out your Login Information
below after clicking the reply button, or your account will be suspended --Threat of Access Removal
within 48 hours for security reasons.

* Username:
* Password:
* Country or Territory:

Warning!!! Account owner that refuses to update his/her account after
receiving this warning will lose his or her account permanently.

Regard,
Customer Care Webmail Team. Example 2 - Email Account Information
From: Webmail Help Team [mailto:upgradewebmail@jmail.info]  --Do you know this sender @j-mail.info?
Sent: Thursday, March 05, 2009 5:44 PM
Subject: EMAIL ACCOUNT WILL EXPIRES IN SEVEN DAYS FROM NOW. --Bad GrammarWebmail Maintenance NoticeThis is to inform all  webmail users that we are current carrying out maintenance -- Bad Grammar
exercise on all webmail. Hence, all  users are mandated to provide the following details;1) Username: ............... --Phish, Phish, Phish
2) Password :...............
3) Alternative email........ However, Failure to comply may result in temporary webmail suspension. --Threat of Access Removal

Please understand that this is a security measure intended to help protect you and your mailbox.We apologize for any inconvenience. Thank you for your anticipated co-operation.Kind Regards,WEBMAIL (ADMIN TEAM).

Example 2 - Money Scam

Reply to: anthonyheadofdespatch01@yahoo.com.hk  --Do you know this sender @yahoo.com.hk?

Dear Customer, Good day to you. We have been waiting for you to contact us for
Your Package that is registered with us for shipment by the Lottery
commission to your residence. Be informed that we are in possession of a -- They have money for you
Parcel containing a cheque of 500,000.00 GBP. It is the usual practice of this comission to conduct a proper verification
of all Packages that we are to deliver, to ensure that they are valid.
Be rest assured that the contents in your package has been confirmed valid and -- Bad Grammar
we will commence delivery once you have met the necessary requirements.
For your information, the Mail, VAT & Shipping fees have been paid by the
Award Promo Board when your package was registered what you need to pay
is the Security Keeping fee of 200 GBP as stated in our privacy terms          -- You give them money first?
& condition page.
kindly supply the below info.
%7eFull Name:.......................   -- Phish, Phish, Phish
%7ePostal address:...................
%7eState/Country:...................
%7eDirect telephone number:..........
Await your Swift Response.
Yours Faithfully, Mr.Anthony Chris
Despatch Officer Tel:+447-035-931-105 -- International Phone Number
E-mail: anthonyheadofdespatch01@yahoo.com.hk©
Skynet Online Team Management 1995 - 2009 Skynet Courier Uk®

 

When in doubt call the Helpdesk at 740-4480, stop by IS in CLB 115 or forward the email to helpdesk@tamug.edu.