Phishing Emails and Spam
What are phishing emails?
Phishing emails are emails sent by spammers and cyber criminals in order to harvest sensitive information such as financial, personal and login information. Phishing emails are a type of social engineering cyber-attack. The attackers will do their best to make the email look as if it comes from either a friendly, familiar source or a source of authority (your supervisor, your IT department, etc.) and will ask you either to provide information in a reply or to follow a link embedded in the email to a malicious site. In either case, they are after our private and confidential information.
How do you identify whether an email is a phishing email?
- Watch for the general language. Most phishing attacks come from non-English-speaking countries. Many of the emails will have broken English and non-American style language.
- Check the email source address: Emails from IT will always come from a verified @bridgeport.edu address. Though spammers can find ways to spoof source email addresses, many of them will not do a perfect job. In the image below, although the email appears to come from firstname.lastname@example.org, the real address the email is coming from is email@example.com, which is a compromised email account of the University at Buffalo.
- Check the link address of the clickable link embedded in the email. We will NEVER request you to provide your username and/or password on a site that is not a bridgeport.edu hosted address. This is one of the most important guidelines in identifying spam/phishing emails. Almost all of those emails will include an embedded link to a rogue web site that will harvest your username and password. The easiest way to identify the address of a link is to simply hover your mouse cursor over the suspicious link – do not click on it, just hover over it. When you hover over a link, the address of the link will appear inside a box. In the email below (which was an actual phishing email we received) you can see that the link address is https://cookj117301.wixsite.com/bridgeport – a page that was built with a free website building service to steal your credentials.