...
This article is on how to identity what a phishing attempt is
Example
| Code Block | ||||
|---|---|---|---|---|
| ||||
Subject: We have temporarily restricted your online account access. Date: 04 Dec 2014 13:40:22 -0500 From: Wells Fargo <no-reply@wfarg.com> Reply-To: noreply@wfarg.com To: undisclosed-recipients:; *Your account has been temporarily limited. * To restore your online account access, please confirm your details on file with us. For confirmation, please click the link below: Sign On to Wells Fargo account <http://mhgmichigan.com/we/> We apologise for any inconvenience caused. Thank you. © 1999 - 2014 Wells Fargo. All rights reserved. NMLSR ID 399801 |
...
- The recipient (To:) does not have your actual e-mail address. While this example has undisclosed recipients as a means of a BCC method of delivery, some phishing methods are not as smart to avoid this
- The sender (From:) comes from a weird domain. In this example, wfarg.com is NOT an actually a wellsfargo domain, it belongs to someone else. (You can use http://whois.domaintools.com/ to look up domains and who owns them)
- Any links on the message will not go to the company's site in question. The link in this example is going to http://mhgmichigan.com/we, which is definitely not a Wells Fargo website.
- Does it actually have any information you recognize? Most phishers have no idea of any of your actual information. As you can see here in this example, no real information is put in here, not even a Name or the last 4 digits of the account. While this is meant to be a generic message, a generic message telling you your account is suspended is often a fake message. Most businesses will help you identify, properly, who they are trying to contact, and to go one step further, use a part of actual information, such as the last 4 digits of your account, to help make sure this is you and them talking.
- Is it too good/bad to be true? Another common phishing method is the 'Nigerian Prince' scam or 'I need help' scam. Where they want personal information or bank information to route money to you or get money from you to bail them out.
For more information, please refer to UC Santa Barbara IT - Identify Phishing Scams.
What you can do to protect yourself...
...
For all intents and purposes, yes. In UCSB Connect (GMail), there is an Icon that looks like this:
Clicking on the Down Arrow portion will pull up a menu and you can click on Report Phishing for that particular email. This will give Google a sample of the phishing email to help improve their ability to filter future emails of this nature.
If you are not using the UCSB Connect (GMail) Web Interface, your best option is to report the email through the Web Interface
You can follow the guide on how listed here:
How should I report a phishing attempt?
Please also refer to Report Harassing or Unwanted Email on reporting phishing attempts.
Related articles
| Filter by label (Content by label) | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...
| Page Properties | ||
|---|---|---|
| ||
|