Phishing Awareness and Reporting
Phishing is dangerous, it targets groups of people in an attempt to steal financial information, usernames, passwords, or compromise the security of your computer / mobile device.
Phishing email content is general enough to target a large audience such as all customers of a bank or website. The content of the email appears to be legitimate but close inspection of the message content
can raise suspicion that the email is not valid.
Phisihing attacks can often be identified simply by reading the message:
- Poor grammar and spelling
- Links in the email: check the link and verify the link text to the link destination. Does the link direct you to an unknown website?
- Urges quick action by the victim or they will face consequences
- If the email has an attachment, you should evaluate the attachment.
- Are you expecting an attachment? Verify with the sender.
- Save the attachment and scan with anti-virus before opening. Often previewing a file is enough to infect your machine.
Spear Phishing is similar to Phishing except the attacker is targeting an individual or small group of people with well-crafted emails that are harder to detect compared to phishing campaigns.
If you believe you received a phishing email:
- Save the original phishing email as an attachment. Do not forward as we need the original email for our investigation.
- Send copies of links to websites
- Screen captures of data that can't be copied or attached
Send the above information to: email@example.com
Accessing and Sending Email Informaiton:
Microsoft Outlook Has Several Ways to Send an Email as an Attachment:
1. The ribbon at the top has an attachment button that can be selected to send the current email as an attachment
2. Either "right click" or "control click" (for MAC) on the message, select "Forward Special" and select "As Attachment"
Other email clients and webmail clients have slightly different ways to access the information that attaching an email gives us for investigation. Please "google" how to do this or view the email client's help menu.
For Gmail the user has to show the original email and cut/paste the results into a new email. This will give us all the information that we use for investigations as well.
1.With the email of interest open, drop down the mail menu
a. Select Show original
2.Copy and paste the contents of the original header into a new email
3.Send the new email to us with a description of why it is phishing/fraud.