Spotting a scam email (aka a phish)

Issue

We are inundated with information nowadays, from the tweets, texts, TV, streaming, email, mentions, etc, etc.  This hectic lifestyle puts us into a mode of needing to respond as soon as possible to any interruption or notice that happens in our lives.  The problem is, malicious scam artists are aware that we are overwhelmed by the influx and are taking advantage of our vulnerability.  They do this by creating realistic looking emails and enticing us to click on them and enter our sensitive data before we realize it is a scam.

How to easily spot a scam

Phishing emails continue to get better and better.  They now are using the institutions branding and create websites that look like our schools and workplaces.  But, their messages typically fall into one of two categories, something that is too good to be true, or something that is too bad to be true.  And you have to act now, or else something is going to happen.  If you recognize this theme in an email, it should immediately cause you a feeling of mistrust.  At this point, it is time to Stop, Think before you Connect.

Example

Here is a simple example phishing email that we received early in the morning on Thursday, January 24, 2019.  There are a few details that should clue you into it being a scam.

  1. First, the from address.  This is coming from what looks like an address @alaska.edu.  The Institute for Advanced Study is not associated with alaska.edu, especially with our IT.  This address should be a huge clue, but it gets worse.
  2. The email was sent at 12:36am.  Our IT offices are only open from 8am-5pm.  It would be extremely rare for you to receive an email from IT staff at this time of night.
  3. The Subject line is empty.  It happens to all of us, we send out an email and forgot the subject line.  But, an official email from the IAS should not have an empty subject line.
  4. The salutation is "Attention!!!".  This is not how we address you, our respected Scholars and Staff.  This salutation makes it seem like an emergency.  This is a telling marker in spotting a fake email.
  5. "As you requested".  Certainly, you did not request for your email to be "cut off".  This is definitely, "too bad to be true".
  6. But, there is a golden parachute, just click on this link to restore your account.  This is not how we, or any other IT organization, should handle email account access.  If this is typical, please contact your helpdesk, or bank, or library, or wherever you are purportedly receiving this email from to verify.
  7. Hover over the link and take a look at where it is sending you.  Here is an image where I'm doing that with this email.
  8. As you can see, the link sends you to form.jotform.com.  This address is not associated with ias.edu.  Don't click.

What if I did click?

If you did click, don't panic.  It happens to all of us at some point.  Once you realize, simply contact your computing helpdesk for assistance.  If you've typed in your username and password on a malicious site, and realized it afterward, change your password.  If you don't know how, just contact your computing helpdesk.  Many have a howto change your password on their official webpage as well.

The worst thing is to just ignore it.  These accounts can become compromised and cause damage to your account, or other Institute resources.  We promise, we won't be mad, just let us know!

Ok, I spotted a phish, now what?

Great job!  Now, please let us know.  Take a look at our IAS Security Phish Bowl.  Is it already there?  If not, send us a copy of the phish to phish@ias.edu.  Don't worry about sending us too many.  We'd rather be told too many times, then not at all.  Spread the word among your colleages, maybe they received a copy as well.  Remember, keeping ourselves secure is a group effort.

 

Thanks,
Brian