The Division of Information Technology (DoIT) has seen many different reports of Phishing and job scam emails sent to UMBC accounts. This article will list some helpful tips to spot phishing emails.
Here are some tips to help spot phishing scams when looking at the email body you should look for:
-
Disjointed “From/Received/Reply” email address. Make sure the email address lines up with who the email is from. If you receive an email from a user claiming to be from UMBC, they probably should have emailed from their UMBC account and the X-Sender and Reply-to in the headers shouldn’t be from non-UMBC domains.
-
Mis-branded and Disconnected/fake URL. Make sure the URL that the email provides is actually sending you where you think it should. Just hover your mouse over the URL and search engines like Google will show you where it will take you.
-
Unexpected file attachments. Never open or download a file from any unsolicited email. This is how malicious software could end up on people's devices.
-
MIME-Type mismatches.
-
Unexpected requests for action and sense of urgency. A red flag for any phishing email is when the email is not only giving the user a sense of urgency but asking them to perform an action that feels out of place. For example buying gift cards for your boss who is stuck in a meeting.
Another way to check for phishing emails is to look within the email headers. To find out how to see an email header please see the link below on how to forward full email headers.
Within the email headers you can find simple things that show red flags such as again the Reply-To and X-Senders.
-
X-Sender is a good way to tell if an email might be being spoofed as if the from is a UMBC domain but the X-Sender is a random domain this is a red flag.
-
Reply-To helps to show if an email is phishing or not as well. If the reply-to is different from the from address that is a red flag. At UMBC we see where scammers will compromise a UMBC account and put their own email address in the reply-to to trick users.
What to do now?
If you do any email that you suspect is a scam, please DO NOT respond any further or click on any URLs. If you have provided any banking or financial information, please notify your bank or financial institution immediately. If you have been sent a check, you should not attempt to cash or deposit it. If you have deposited a check already, please contact your bank and tell them that it may be part of a scam.
Whether you responded to the scam or not, please forward the message (with the email headers) to security@umbc.edu. We will also keep track of any other information you submit about the scammers, such as their phone numbers. If you were sent a check or other materials, please send pictures of it and the envelope they came in.
Information above came from a webinar from https://www.knowbe4.com/.
How do I forward full email headers?
https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970
To read more articles published by DoIT Security please visit: