How Emails can be Dangerous

Spear-phishers use email to:

  • Deliver file attachments that can infect your computer with malware.
  • Entice you to click on links that take you to web sites that will infect your computer with malware just by visiting them.
  • Trick you into handing over your user credentials so that they can gain access to your network or other sites.

How do I Spot a Phishing Attack?

To protect yourself from phishing attacks, look out for emails and messages that have these characteristics:

  • You are asked to click on links or open attachments.
  • Sensitive data is requested.
  • The message invokes strong emotions like greed or fear.
  • The message creates a sense of urgency.

Legitimate companies will never ask for passwords, social security numbers, or other sensitive data via email.

Always check the URL of the site you are visiting. Many times phishers direct you to a website that appears legitimate, but is used to steal your password or other sensitive data.

Can I Click on the Link in my Email?

It is common to see an email with links in the message, but you should always be suspicious of any link you receive via email because:

  • Some websites install malicious software on your computer just by you visiting them.
  • Some websites will prompt you to install content or download a file. If you are instructed to do this, click No and follow up with your IT staff.
  • Websites can be made to look like legitimate login screens to steal your password and other sensitive information.

You should always be suspicious of links in email. Before you click, you should verify that you recognize the linked URL.

Are Attachments Safe?

For years malware has been spread through files attached to email messages. Spear-phishers use file attachments to install malicious files like keystroke loggers to steal credentials and Trojan horses that allow them access to your network.

Identifying malicious attachments can be tricky, even for the experts. However, there are a few things that indicate an attachment could be malicious:

  • The file type is out of place; for example, you are asked to review a document and the file extension is .exe.
  • You weren't expecting an attachment.
  • The attachment is out of context; for instance, you receive a file named payroll and you work in purchasing.

Phishers can change a file's extension to make it look innocent, and they can also hide malicious files in a ZIP file, so it is important that you remain alert whenever you receive an email with file attachments.
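For IT staff who review reported attachments, the checks above can be automated. The following is an added example, not part of the original page: the function names, the extension list and the size limit are assumptions chosen for illustration, and the sample files are constructed.

```python
import io
import zipfile

# Illustrative, not exhaustive: extensions that run code when opened.
RUNNABLE = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".lnk"}
# Leading bytes of a few common formats.
MAGIC = {b"MZ": "Windows executable", b"%PDF": "PDF", b"PK\x03\x04": "ZIP"}
# What the content behind a document extension should be (.docx/.xlsx are ZIPs).
EXPECTED = {".pdf": "PDF", ".docx": "ZIP", ".xlsx": "ZIP", ".zip": "ZIP"}
MAX_MEMBER = 10 * 1024 * 1024  # do not unpack anything larger (zip-bomb guard)

def ext_of(name):
    name = name.lower().rstrip(". ")  # Windows ignores trailing dots and spaces
    return name[name.rfind("."):] if "." in name else ""

def sniff(data):
    return next((kind for magic, kind in MAGIC.items() if data.startswith(magic)), "unknown")

def triage(name, data, depth=0):
    """Return the reasons an attachment deserves a second look (empty if none)."""
    ext, kind, found = ext_of(name), sniff(data), []
    if ext in RUNNABLE:
        found.append(f"{name}: runnable file type {ext}")
    elif kind == "Windows executable":
        found.append(f"{name}: named {ext or '(no extension)'} but is a Windows executable")
    elif ext in EXPECTED and kind != EXPECTED[ext]:
        found.append(f"{name}: named {ext} but content looks like {kind}")
    if kind == "ZIP" and depth < 2:  # look inside, but do not recurse forever
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for m in zf.infolist():
                    if m.is_dir():
                        continue
                    if m.flag_bits & 0x1:  # bit 0 set means the member is encrypted
                        found.append(f"{name}!{m.filename}: encrypted, cannot inspect")
                    elif m.file_size > MAX_MEMBER:
                        found.append(f"{name}!{m.filename}: too large to inspect")
                    else:
                        found += triage(f"{name}!{m.filename}", zf.read(m), depth + 1)
        except zipfile.BadZipFile:
            found.append(f"{name}: damaged or malformed ZIP")
    return found

if __name__ == "__main__":
    # Constructed samples: a "PDF" that is really an executable, and a ZIP hiding one.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("payroll.pdf.exe", b"MZ" + b"\x00" * 16)
    for name, data in [("review.pdf", b"MZ\x90\x00"), ("payroll.zip", buf.getvalue())]:
        print(triage(name, data) or f"{name}: nothing flagged")
```

An empty result only means none of these few checks fired; it does not mean the attachment is safe.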

Forged Web Pages

Emails are commonly used for phishing attacks.

  • As a consumer, phishers target things like your finances and accounts.
  • As an employee, they target things like intellectual property and other resources in your organization's network.
  • As a computer user, they want to gain control of your computer and/or network.

Some phishing attacks try to trick victims into handing over sensitive data (such as usernames and passwords) by presenting them with a fake login form. The login form appears to be authentic, but the site is really controlled by "bad guys" so that anything entered into the form is captured by the attacker.

Phishers target people across our organization, from those in leadership positions to entry-level employees. No matter what your role in our organization is, you will be targeted at some point.

See Something Suspicious? Say Something

See something wrong? Report it.

When you suspect that you have received a phishing email, the right people need to know because they:

  • Can help make sure malicious web sites are taken down.
  • Can block other users from receiving/opening the phishing email.

If you think you have received a phishing email or you've been a victim of a phishing attack you should contact the IT Help Desk immediately at (831) 582-4357.