This was a phishing test – Please read below!

 

What just happened??

The e-mail you just clicked on was a simulated phishing e-mail, the same kind of e-mail that hackers use to steal data. If this had been a real attack, your computer could have been hacked, simply by visiting a webpage. Information Security plans to periodically send out these phishing emails to keep you on your toes!

What is phishing?

Phishing refers to sending an e-mail that attempts to trick someone into clicking on a link or opening an attachment. The goal of phishing is to hack computers and steal valuable information, such as usernames and passwords.

Why should you care?

Clicking on links in phishing e-mails, opening attachments, or filling in confidential information on malicious websites puts both the University’s and your data at risk. Through phishing emails, attackers can gain access to confidential information, steal money from your bank accounts, or steal your identity.

What’s safe? What isn’t?

There is little risk in simply reading e-mails. The risk is in clicking on links or opening attachments. Attackers can e-mail you infected attachments which install malicious software intended to hack your computer. Clicking on a link can take you to a website that attempts to steal your login and other valuable information, or download malicious software to your computer.

 

Let’s take a look at the simulated phishing e-mail and discuss how you could have identified it!

  1. Unfamiliar or generic sender
    • Always be cautious of e-mails that you weren’t expecting, even more so if you don’t recognize who’s sending it. It’s common for phishing e-mails to come from generic e-mail addresses, such as microsoft@microsoft.com.
  2. A sense of urgency!
    • The goal of a phishing e-mail is to get you to do ‘something’. Whether it’s getting you to click a link or enter your information, often phishing e-mails try to create a false sense of urgency to get you to act quickly.
  3. Generic greeting
    • A generic greeting more than likely means the e-mail was sent out in bulk to a large number of people.
  4. Excessive grammatical errors
    • It is common for some phishing e-mails to have excessively bad grammar. Many hackers speak a different native language than their victims or don’t take the time to polish the language in their phishing e-mails. This can sometimes be a good indication the e-mail is not legitimate. At the very least, this is unprofessional and not what you would expect from a company such as Microsoft.
  5. Suspicious link
    • There’s nothing suspicious about links in e-mails. However, with everything else discussed, this generic link is concerning. Be cautious when clicking links.
  6. Generic signature
    • The signature doesn’t have any contact information or anything that can be used to confirm the identity of the sender.

Comments & Complaints

For questions and other inquiries, email UR Information Security.