Phishing Awareness

Tools to help you determine whether an email is authentic or designed to trick you

What is phishing?

Phishing is a form of cyber attack in which criminals use social engineering to trick you by sending fake emails that appear to be from a trusted source, such as an administrator or supervisor, local business, or coworker.

Common tactics include making threats ("If you do not act now, you will lose access to your account!") or asking you to confirm personal information ("Click here to log in and confirm your account"). Sometimes phishing emails include attachments that can infect your computer with a virus or malware if you open them.

A sophisticated attack might take you to a website that looks just like your bank's website, but is actually a fake site designed to collect your login information.

Why would anybody want to target me?

You're right, cyber criminals probably aren't interested in your lesson plans or teaching materials, but you are still a target.

Attackers want to trick you into divulging personal information so they can get access to your files or emails, or even your bank account. Your files and emails might even contain some personal information about students or other employees, meaning that if you fall victim to an attack, you could put others at risk for identity theft and fraud.

How can I determine if an email is authentic or phishy?

Here are five warning signs of suspicious email that you should learn to recognize:

The email asks you to confirm or provide personal information
The email address is not familiar, or does not look genuine
The message contains poor grammar or spelling
There is an attachment that you weren't expecting to receive
The message contains threats that make you panic

If a message seems suspicious, don't click on the links, open attachments, or reply, just hit delete! If you're suspicious, but also concerned that it might be genuine, consult with a colleague or someone in the IT department.

Example of a fake email

The email displayed here might appear to be genuine at first glance, but it is actually fake.

Red flags:

You're asked to click on a link
Urgency -- you must take action "ASAP"
Threat -- your files will be deleted on Friday!

How can we determine if this message is fake?

Hover over the links to view the address of the website they will send you to. The links in this example point to "2o2.lol", a suspicious website

Verify the sender and the reply-to address. Email addresses are easily spoofed. Just as you can write any name and address in the return address area of a paper envelope, a hacker can put any name and email address in the "from" header of an email. Clicking the little down arrow below the sender's name will allow you to see some more information. (We also do not use the email address it@lancastermennonite.org)

Verify offline. Speak with the person you believe to be the sender in person or by phone. If you received a message about an important matter from a supervisor or coworker, walk to their office or classroom and verify face-to-face whether they sent the message. In this example, you could directly contact someone in the IT department to verify whether this message is legitimate.

Use a "sanity test". At the time that this email was sent, the IT Director job was vacant, so the IT Director was not sending out emails about server maintenance!

In many cases, the sanity test is as simple as "Was I expecting to receive this email?" Were you expecting to receive a shipment tracking notification, a deposit to your PayPal account, or a bank statement today? If not, think twice before clicking.

More examples of fake emails -- can you spot the red flags?

State Attorney's Office Complaint

Red flags:

Email contains a threat or causes panic
"From" address is a free outlook.com email, not an official government address!
Asks you to click a link
Does not mention business by name or provide any details
"Reply-to" address is suspicious
Link points to suspicious website

Microsoft Account Team

Red flags:

Sender address is suspicious -- accountteam-microsoft.com is not the same as microsoft.com
Causes panic -- someone else is trying to break into your account
Link destination is suspicious
Asked to login to your account to verify (attacker attempting to collect your username and password)

Chase Account Issue

Red flags:

Sender address is suspicious -- chase-onlineservices.com is not the same as chase.com
Causes panic -- someone else may have accessed your bank account, and your account will be suspended
Urgency -- update your account details immediately!
Ambiguous greeting -- your bank knows your name and hopefully wouldn't address you as "Dear Customer" in this situation
Asked to login to your account to verify (attacker attempting to collect your bank login and take your money)
May be asked to provide other personal information ("complete profile update")
Link is suspicious