#TechTipTuesday – Phishing Emails
Every Tuesday I share a Tech Tip on our social media pages to assist our staff in their use of technology as it relates to their role.
What is a Phishing Email?
Phishing emails are fraudulent messages designed to obtain sensitive information such as financial information, usernames, or passwords. These emails often include links which send recipients to a website where they are directed to enter personal information into a platform that, while appearing authentic, is fake. The most commonly recognized phishing email involves a message indicating a long-lost relative or Nigerian prince has left you their inheritance and your bank account is needed for the deposit.
Other common phishing emails include:
- claiming a prize such as a new phone
- being asked to purchase gift cards for someone in your senior admin team
- being asked to update your password through a third-party website
- indicating your account will “expire”
- stating that they have access to potentially embarrassing search history that they will share
Organizations such as school divisions can be subject to many types of phishing scams because it is common practice to have staff contact directories located on their school websites. While IT departments have safeguards in place to block a number of these types of attacks, the networks developing these phishing emails are constantly evolving, which means that sometimes messages still get through to end users (both staff and students).
What Does a Phishing Email Look Like?
The purpose of these emails is to have the user believe they are authentic so that they act on the request in the message (i.e., click on the link, enter their account details, purchase gift cards, etc.). As such, these emails can be notoriously challenging to detect. There are, however, certain things you can look for:
- Sender Address
  - Do you recognize the name of the person or organization sending the email?
  - Does the sender address match the address you have for that individual?
  - A common phishing email uses the superintendent or principal’s name but the sender address may show up as something like superintendant@schooldivision.com
- Typos/Irregularities
  - Are there typos in the name or email signature?
  - Are there irregularities in organization logos?
- Sense of Urgency
  - Does the message share that something negative may happen in a certain timeframe unless you act on the request?
    - Ex: your account will be suspended in x-number of days, this information is needed for my meeting right now
- Emotional Messaging
  - Does the request involve a scenario that causes you to be upset, embarrassed, or fearful?
- Financial Requests
  - Does the message ask for you to make a purchase or provide details related to your financial accounts?
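For IT staff, the sender address, urgency, and financial checks in the list above can be sketched as a small script. This is an added example, not part of the original post; the directory entries, the .example domain, the cue phrases, the 0.9 similarity threshold, and the function names are all assumptions made for illustration.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Constructed staff directory (assumption): display name -> address on file.
DIRECTORY = {
    "Jordan Lee": "superintendent@schooldivision.example",
    "Sam Rivera": "principal@schooldivision.example",
}
# Constructed cue phrases (assumption) for the urgency and financial checks.
CUES = {
    "urgency": ("right now", "will be suspended", "will expire"),
    "financial": ("gift card", "bank account"),
}
LOOKALIKE_THRESHOLD = 0.9  # assumption: how close counts as "nearly identical"


def similarity(a, b):
    """Ratio in [0, 1]; 1.0 means the two strings are identical."""
    return SequenceMatcher(None, a, b).ratio()


def check_message(from_header, body):
    """Return a sorted list of warning labels for one message."""
    name, addr = parseaddr(from_header)
    name, addr = name.strip().lower(), addr.strip().lower()
    known = {n.lower(): a.lower() for n, a in DIRECTORY.items()}
    findings = set()
    # The sender name is one we know, but the address is not the one on file.
    if name in known and addr != known[name]:
        findings.add("name_address_mismatch")
    # The address is not on file but is nearly identical to one that is.
    if addr not in known.values() and any(
        similarity(addr, a) >= LOOKALIKE_THRESHOLD for a in known.values()
    ):
        findings.add("lookalike_address")
    # Urgency and financial wording in the message text.
    text = body.lower()
    for label, phrases in CUES.items():
        if any(p in text for p in phrases):
            findings.add(label)
    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample message with a one-letter misspelling in the address.
    sample_from = "Jordan Lee <superintendant@schooldivision.example>"
    sample_body = "I need you to buy gift cards for my meeting right now."
    print(check_message(sample_from, sample_body))
```

A message that raises any of these labels is a candidate for review, not a confirmed phishing email; the typo, logo, and emotional-messaging checks in the list still need a person to judge.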
The following image showcases an example of what a phishing email may look like:
What Do I Do if I Receive A Phishing Email?
If you suspect an email of phishing based on the criteria mentioned above, the safest route is to forward the email directly to your IT department and include a note that you believe it to be a phishing email. This will allow your IT department to check the authenticity of the message and, if it is a phishing email, block the account from sending further messages to you or anyone else within your network.