Dangerous Email - Identifying a Phishing Attack


Phishing scams are a form of “Social Engineering” in which the attacker attempts to trick you into giving them your credentials or access to your system. Phishing typically refers to scams carried out through email, but very similar scams can be run through text or social media messaging. In phishing scams, the attacker, or “phisher,” will pose as an institution or individual that you trust by sending you a fake message that claims to be from that trusted party.

Often, the goal of a phishing attack is to get you to provide your login credentials or other sensitive information like your social security number or financial institution information. This information could then be used to gain access to your private accounts or to steal your identity. You should be suspicious of any email that asks you to provide personal information or that directs you to a webpage that ask for this information.

Another goal of phishing is to trick you into downloading malicious code onto your computer. This can occur when you click a link or open an attachment. The malicious code can then do any number of very bad things to you, your computer and your network. You may never know it’s there, or it may be glaringly obvious like when “Newman’s” face pops up on Samuel L. Jackson’s computer screen in Jurassic Park saying, “Ah Ah Ah.” 

Phishers attempt to play on your emotions, often including disturbing or enticing information in their emails in an attempt to provoke you to act. They may try to create a false sense of urgency by saying "your account will be deleted" or that "you are over your email storage space." They often urge you to act immediately to "update" or "verify" your account information.

Phishing techniques and social engineering techniques in general are growing increasingly complex and the impersonations are getting more and more realistic and difficult to spot. Ohio State email accounts continue to be targets for an increasing number of phishing attacks. Some of these emails are very sophisticated; using "real" Ohio State email addresses, convincing branding and/or "official" signatures.

Here are some tips, and examples, on how to identify a phishing attack.

The first thing to remember is that FAU will NOT ask you for confidential information in a “”BCC” email, and will not direct you to a link off our secure network.

  • The “To:” field
    • The “To:” field in many phishing emails is left blank.  This is because a phisher uses a compromised account to send an email, and instead of obviously sending an email to 50 users from different organizations, they use the BCC to prevent you notifying all the other potential victims, and tipping their hand that this is not to a homogenous group of recipients.
  • The “From:” field
    • In an a scam, it likely will not be from someone inside FAU, or the email will be spoofed. Make sure to check the address carefully.
    • In a money Phishing scheme, these will often not match at all
      • FBI (Director) James Comey Jr. <simonlin@chinaconstruction.com.sg>
  • Links
    • Look for links that use “Click Here” or other generic terms to hide the link path.
    • Links that lead to a site other than the organization they are pretending to be.  Often generic sub-sites, or foreign sites ending in a 2 letter country suffix like “.ru”, “.hu”, or “.ch”
  • Spelling and Grammar
    • Most Phishing attempts are initiated in countries where English is not a primary language.  As such, emails are fraught with grammatical and spelling errors.  See the examples below.
  • Generic IT terms
    • Phishing attempts use terms like “Web-Mail” or “Help Desk” so they don’t need to specialize to individual organizations.  While some more sophisticated attacks will include certain levels of detail, they are always clear upon scrutiny.

If you receive a mail and you are not certain, please contact the Help Desk at 561-297-3999 or forward the email to security@fau.edu before clicking anything in the email.

100% helpful - 1 review
Print Article


Article ID: 102506
Mon 3/23/20 12:05 PM
Mon 3/23/20 12:06 PM