Versions Compared

Old Version 3

changes.mady.by.user Scott KAsai

Saved on

compared with

New Version Current

changes.mady.by.user Scott KAsai

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • The recipient (To:) does not have your actual e-mail address. While this example has undisclosed recipients as a means of a BCC method of delivery, some phishing methods are not as smart to avoid this
  • The sender (From:) comes from a weird domain. In this example, wfarg.com is NOT an actually a wellsfargo domain, it belongs to someone else. (You can use http://whois.domaintools.com/ to look up domains and who owns them)
  • Any links on the message will not go to the company's site in question. The link in this example is going to http://mhgmichigan.com/we, which is definitely not a Wells Fargo website.
  • Does it actually have any information you recognize? Most phishers have no idea of any of your actual information.  As you can see here in this example, no real information is put in here, not even a Name or the last 4 digits of the account.  While this is meant to be a generic message, a generic message telling you your account is suspended is often a fake message.  Most businesses will help you identify, properly, who they are trying to contact, and to go one step further, use a part of actual information, such as the last 4 digits of your account, to help make sure this is you and them talking.
  • Is it too good/bad to be true? Another common phishing method is the 'Nigerian Prince' scam or 'I need help' scam.  Where they want personal information or bank information to route money to you or get money from you to bail them out.

For more information, please refer to UC Santa Barbara IT - Identify Phishing Scams.

What you can do to protect yourself...

...

For all intents and purposes, yes.  In UCSB Connect (GMail), there is an Icon that looks like this:

Image Removed

Clicking on the Down Arrow portion will pull up a menu and you can click on Report Phishing for that particular email.  This will give Google a sample of the phishing email to help improve their ability to filter future emails of this nature.

If you are not using the UCSB Connect (GMail) Web Interface, your best option is to report the email through the Web Interface.

Please also refer to https://security.ucsb.edu/report-incident/report-harassing-or-unwanted-email

You can follow the guide on how listed here:

How should I report a phishing attempt?

Please also refer to Report Harassing or Unwanted Email on reporting phishing attempts.

...