Phishing has been plaguing email users since 1996, and it is not going away any time soon.
Email protection and filtering have evolved and become extremely intelligent, but so have the phishing campaigns.
Malicious individuals create more than 1.5 million new phishing sites each month, and phishing accounted for over 80% of reported security incidents in 2020.
Phishing describes an email whose message attempts to entice, deceive or threaten the recipient into taking actions with the intent to steal money, computer access or usernames and passwords.
Many of us have seen phishing emails and know what the identifying characteristics are. It is wise, however, to regularly reacquaint oneself with those indicators so as not to fall for a phishing email.
AgriLife Information Technology protects computers and users from malicious viruses and threats using Sophos Anti-Virus and sophisticated email filtering software that examines email messages before they even get to an Inbox.
Spotting Phishing Emails
There are numerous tell-tale signs of a phishing email. The table below contains a few characteristics that are commonly seen in phishing emails:
| Characteristic | Example |
|---|---|
| The sender is someone who doesn’t normally use email to contact you | The IRS, the Social Security Administration, doctors/hospitals, your bank, or other financial institution(s) |
| The email does not address you by name | “Dear Sir/Madam/Customer” |
| The sender’s email address is odd | Your bank or supervisor will not use an “@gmail.com” email address, for example |
| The message tries to evoke a sense of urgency | “Your account will be cancelled” |
| Poorly written | Grammar mistakes from bad translation, spelling mistakes |
| You are asked to reply with private information or to confirm passwords or usernames | AgriLife IT personnel do not know your password and cannot access passwords to verify them |
| You are asked to perform strange tasks | Buying gift cards or making changes to your computer settings |
| You are asked to reply to the sender | Some institutions do send email, but they usually refer you to their web page rather than asking you to reply to a bulk message |
| You are asked to click a link or button | Links or buttons are used by legitimate sites in emails, but you can always go to the site (e.g. zoom.com) directly instead of clicking a link/button in an email |
| Odd email attachments | Names like “Texas A&M_VMrecord.HTM” or “ATT_8763~Covid-19 Test.HTM” |
You can see an email with real examples of these characteristics below:
Hovering your cursor over a suspicious link (without clicking on it) can reveal the intended link, which in this example is not a TAMU link.
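Several of the indicators in the table, and the hover check just described, can also be tested in code. The following Python sketch is an added example, not part of the original article and not how AgriLife's filtering works: it flags a free-mail sender, an `.HTM` attachment, two of the table's phrases, and a link whose visible text names one host while its destination is another. The free-mail list, the phrase patterns, the sample message and all function names are assumptions made for illustration.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}  # assumed, not exhaustive
TEXT_RULES = {"generic greeting": r"\bdear\s+(sir|madam|customer)\b",  # assumed
              "urgency": r"\bwill be (cancelled|canceled|suspended)\b"}  # phrases
URLISH = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)

class BodyParser(HTMLParser):  # gathers visible text and [href, label] per <a>
    def __init__(self):
        super().__init__()
        self.text, self.links, self._open = "", [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open = [dict(attrs).get("href") or "", ""]
            self.links.append(self._open)
    def handle_data(self, data):
        self.text += data + " "
        if self._open is not None:
            self._open[1] += data
    def handle_endtag(self, tag):
        self._open = None if tag == "a" else self._open

def host(url):  # hostname of a URL or bare "host/path" string, lower-cased
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def phishing_indicators(msg: EmailMessage) -> list:
    domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    found = ["free-mail sender"] if domain in FREE_MAIL else []
    if any((p.get_filename() or "").lower().endswith((".htm", ".html"))
           for p in msg.iter_attachments()):
        found.append("HTML attachment")
    body, parser = msg.get_body(("html", "plain")), BodyParser()
    parser.feed(body.get_content() if body else "")
    found += [n for n, rx in TEXT_RULES.items() if re.search(rx, parser.text, re.I)]
    for href, label in parser.links:
        if URLISH.match(label.strip()) and host(label.strip()) != host(href):
            found.append(f"link text {host(label.strip())} hides {host(href)}")
    return found

def constructed_sample() -> EmailMessage:  # constructed input, not a real message
    m = EmailMessage()
    m["From"] = '"IT Help Desk" <helpdesk.notice@gmail.com>'
    m.set_content('<p>Dear Customer, your account will be cancelled. <a href='
                  '"http://login.example.net/">https://it.tamu.edu</a></p>', subtype="html")
    m.add_attachment("<html></html>", subtype="html", filename="ATT_0000~Record.HTM")
    return m
```

Calling `phishing_indicators(constructed_sample())` returns all five findings; a message read from disk must be parsed with `policy=email.policy.default` so that `get_body()` and `iter_attachments()` are available.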
What YOU can do
When you receive an odd or unexpected message:
- Don’t panic or rush to act
- Re-read the message carefully
- Report the message using the directions below
If you are uncertain and have not taken any actions yet:
- Check with your IT Support Contact or the FirstCall Service Desk
- Visit the website you are being asked to go to by typing the address into your web browser (e.g. it.tamu.edu or firstcallhelp.tamu.edu) instead of clicking on any links in the email
- If the suspicious message appears to come from a person you know, contact that person via a different method, such as a phone call, text message, or Teams chat, to confirm they sent the email
- Ignore the email and see if you get a follow-up (malicious senders rarely send a follow-up)
Reporting Phishing Emails
When you receive an email that you suspect is a phishing email, like the one below:
- Open the message, then select the Report Message option in your menu bar.
- Then click on the Phishing option.
- Click on Report to send the phishing email to Microsoft to improve filtering.
- The message is then marked as Phishing and moved to your deleted items.
Forward as Attachment
There are 2 ways to “Forward as attachment” while viewing any email.
- In the menu ribbon above any message you read, there is an option next to the forward icon
- Use the action buttons in the upper right section of the email message
Other steps you can take
In addition to the above, the Menu ribbon in Outlook also provides the Ignore Conversation and Junk options in the upper left corner of every email message.
The Ignore Conversation option removes all messages related to the conversation you select and automatically moves any future messages in the conversation directly to the Deleted Items folder.
The Junk pulldown menu just below the Ignore Conversation icon provides quick access to options for blocking or not blocking a sender based on the email address. Only block senders you’re confident are responsible for sending phishing or spam email messages.
What to do if you think you were phished?
If you suspect that you may have fallen for a phishing attack, please complete the following 4 steps:
- Note as many details as you can recall about what actions you took
  - Particularly note info such as which usernames, account numbers, or passwords you may have shared
- As soon as possible, reset the affected account with a strong new password:
- Confirm that you have multi-factor authentication (DUO) turned on for every account
- Notify your IT Support Contact or FirstCall immediately, as there may be additional steps that need to be taken to ensure that your device was not negatively impacted by the phishing email