What is a Phishing Email and How to Avoid Them
Posted by Donald Sloat, Last modified by Donald Sloat on 18 May 2018 12:54 PM

We highly recommend you complete the DCCC security awareness training for employees. This article is not a substitute for that training.

Phishing Email

What is Phishing email?
Phishing email messages, websites, and phone calls are designed to steal money. Cybercriminals can do this by installing malicious software on your computer or stealing personal information from your computer.

Cybercriminals also use social engineering to convince you to install malicious software or hand over your personal information under false pretenses. They might email you, call you on the phone, or convince you to download something from a website.

Phishing scams are typically fraudulent email messages appearing to come from legitimate enterprises (e.g., your university, your Internet service provider, your bank). These messages usually direct you to a spoofed website or otherwise get you to divulge private information (e.g., passphrase, credit card, or other account updates). The perpetrators then use this private information to commit identity theft.

One type of phishing attempt is an email message stating that you are receiving it due to fraudulent activity on your account, and asking you to "click here" to verify your information. Phishing scams are crude social engineering tools designed to induce panic in the reader. These scams attempt to trick recipients into responding or clicking immediately, by claiming they will lose something (e.g., email, bank account). Such a claim is always indicative of a phishing scam, as responsible companies and organizations will never take these types of actions via email.

Example of phishing scam in an email message:


What to look for in Phishing email?

  • Don’t trust the display name
  • Look but don’t click
    • GroupWise Client:
    • Webmail Client:
    • Hover your mouse over any links embedded in the body of the email. If the link address looks weird, don’t click on it.
  • Check for spelling mistakes
    • Example: dccc.edu vs. dccc.education, or amazon.com vs. amaz0n.com
  • Analyze the salutation
    • Is the email addressed to a vague “Valued Customer?” If so, watch out—legitimate businesses will often use a personal salutation with your first and last name.
  • Don’t give up personal information
    • Legitimate banks and most other companies will never ask for personal credentials via email.
  • Beware of urgent or threatening language in the subject line
    • Beware of subject lines that claim your “account has been suspended” or your account had an “unauthorized login attempt.”
  • Don’t click on attachments
    • Malicious attachments that contain viruses and malware are a common phishing tactic. Don’t open attachments you’re not expecting. Contact the sender to verify legitimacy.
  • Don’t trust the header from email address
    • Fraudsters not only spoof brands in the display name, but also spoof brands in the header from email address.
  • Don’t believe everything you see
    • Phishers are extremely good at what they do. Just because an email has convincing brand logos, language, and a seemingly valid email address, does not mean that it’s legitimate. Be skeptical when it comes to your email messages—if it looks even remotely suspicious, don’t open it.
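
Several checks in this list (display name, lookalike domains, link targets, salutation, urgent subject) can be applied mechanically when triaging a reported message. The Python below is an added example, not part of the original article or any DCCC tool; the trusted-domain list, phrase lists, function names, and sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse
# Assumptions for this example: the domains the reader trusts and the phrase lists.
TRUSTED = ("dccc.edu", "amazon.com")
URGENT = ("account has been suspended", "unauthorized login attempt")
SWAPS = str.maketrans("0134", "oiea")  # digit-for-letter swaps such as amaz0n
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
SHOWN = re.compile(r"(?:https?://)?(?:www\.)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)

def under(host, domain):
    return host == domain or host.endswith("." + domain)

def imitates(domain):  # trusted domain that a non-trusted `domain` resembles, else None
    domain = (domain or "").lower()
    if any(under(domain, t) for t in TRUSTED):
        return None
    labels = domain.translate(SWAPS).split(".")
    return next((t for t in TRUSTED if t.split(".")[0] in labels), None)

def triage(raw):
    """Run the checklist over one single-part message; return the findings."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    body, out = msg.get_payload(), []
    for t in TRUSTED:  # a brand in the display name proves nothing about the address
        if t.split(".")[0] in display.lower() and not under(sender, t):
            out.append(f"display name claims {t} but sender is {sender}")
    if imitates(sender):
        out.append(f"sender domain {sender} imitates {imitates(sender)}")
    if any(p in msg.get("Subject", "").lower() for p in URGENT):
        out.append("urgent or threatening subject line")
    if "valued customer" in body.lower():
        out.append("vague salutation")
    for href, text in LINK.findall(body):  # what "hovering" reveals: the real target
        host = (urlparse(href).hostname or "").lower()
        shown = SHOWN.search(text)
        if shown and not under(host, shown.group(1).lower()):
            out.append(f"link shows {shown.group(1)} but goes to {host}")
        if imitates(host):
            out.append(f"link host {host} imitates {imitates(host)}")
    return out

# Constructed sample message, built from the lookalike domains the article mentions.
SAMPLE = ('From: "Amazon Support" <billing@amaz0n.com>\n'
          'Subject: Your account has been suspended\n\n'
          '<p>Dear Valued Customer, <a href="http://dccc.education/verify">https://www.dccc.edu/login</a></p>')
```

Calling `triage(SAMPLE)` returns one finding per failed check; a message from a trusted domain whose links match their visible text returns an empty list.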

If you have any questions or doubts regarding phishing email, please call the OIT Dept. at 610-359-5211.