Common Phishing Tactics
Phishing is…
the crafting of an email that appears real in order to trick you into clicking a link or sharing sensitive information with a malicious party.
Mimicked Login Sites
The most common phishing emails seek to create urgency by warning you about an impending negative event such as:
- Your password is about to expire
- Your cloud drive is full
- You have an invoice or receipt to review
Clicking on the links in these emails redirects you to a website that looks exactly like the Microsoft login page. This page is designed to harvest the username and password you enter.
Compare the 2 images below for example:
Note the different website addresses: the address on the right is a clue that reveals it is a phony page, and you should not enter any credentials. The link does not go to login.microsoftonline.com but to objectstorage.eu-frankfurt-1.oraclecloud.com instead.
In this particular case, any credentials you enter will be incorrect, and you will not be able to log in.
You may receive an error message that states you could not be logged in, with a generic reason, such as “Sign in attempt timed out.”
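The address comparison described above can also be automated, for example in a mail triage script. The Python below is an added example, not part of the original page; the sample email body is constructed, and the trusted-host list is an assumption to adapt to the sign-in addresses your organization uses.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Genuine sign-in host named on this page; extend for your own tenant (assumption).
TRUSTED_LOGIN_HOSTS = {"login.microsoftonline.com"}

# Constructed sample body, built from the two addresses this page compares.
SAMPLE_EMAIL = (
    '<p>Your password is about to expire.</p>'
    '<a href="https://objectstorage.eu-frankfurt-1.oraclecloud.com/placeholder">Sign in</a>'
    '<a href="https://login.microsoftonline.com/">Microsoft sign-in</a>'
)

def link_host(url):
    """Return the lowercase host a browser would connect to, or None."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:  # malformed address, e.g. unbalanced IPv6 brackets
        return None
    if parts.scheme not in ("http", "https"):
        return None
    # .hostname drops any "user@" prefix and the port, so a trusted name before "@" is ignored.
    return (parts.hostname or "").rstrip(".").lower() or None

def is_trusted_login_link(url):
    """Exact host match only; a trusted name used as a prefix or in the path does not count."""
    return link_host(url) in TRUSTED_LOGIN_HOSTS

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def untrusted_links(html_body):
    """Return (host, visible text) for each link that does not lead to a trusted login host."""
    collector = LinkCollector()
    collector.feed(html_body)
    return [(link_host(h), t) for h, t in collector.links if not is_trusted_login_link(h)]
```

Run it only over messages that ask you to sign in; the host is reported as None for links that are not http or https.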
Spoofed Supervisor’s Email
In another common phishing tactic, malicious parties work out the department or organization’s structure from a public Contact Us, About Us, or Staff page commonly found on websites. They then:
- Find a supervisor or manager from a website
- Send an email with no links or attachments, but with the supervisor’s name (known as spoofing), to another employee found on the website
- If the recipient replies to the “supervisor”, the spoofer may explain that they need a gift card, money order, PayPal transfer, or other transaction. They might also ask you to run an errand for them.
Emails like this are likely not blocked initially because of their lack of malicious attachments or links. Knowing how to spot these emails early will help keep you and your accounts safe, and allow you to report them as phishing.
Report Phishing Emails
You can report phishing emails 24/7 from Outlook. This will add the sender’s email address to your blocked senders’ list.
This process takes 2 steps and roughly 30 seconds:
- Click on the Report Message button in the Home tab of your Outlook ribbon
- Specify whether the email is Junk or Phishing
- Click on Report