Beware of phishing

Phishing remains a prevalent tactic used by cybercriminals to deceive individuals into disclosing sensitive information or installing harmful software. These malicious emails often masquerade as legitimate communications from trusted sources, aiming to trick recipients into clicking on harmful links or attachments.

Some Common Myths

MYTH 1: Phishing emails can't originate from familiar mailboxes. FALSE. Cybercriminals can spoof email addresses, making messages appear to come from trusted sources. Emails aimed at easier-to-attack victims may change only the display name, while the mailbox itself is a purpose-generated address at a free email service provider. For example, the display name could be “Douglas College Admissions,” while the mailbox behind it is college97537@gmail.com.
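The display-name trick described in Myth 1 can be checked mechanically by comparing the name a message shows with the mailbox behind it. The Python code below is an added example, not part of the original page; the domain college.example, the keyword list and the free-mail list are assumed placeholder values, and the sample headers are constructed.

```python
from email.utils import parseaddr

# Assumed values for illustration; replace with your organization's own.
ORG_DOMAINS = {"college.example"}         # placeholder for the real mail domain
ORG_KEYWORDS = ("college", "admissions")  # words an impersonator would borrow
FREE_PROVIDERS = {"gmail.com", "outlook.com", "yahoo.com"}  # sample list

def assess_sender(from_header):
    """Return (display_name, address, reasons) for one From header value."""
    display, address = parseaddr(from_header)
    if not address:
        return display, address, ["From header could not be parsed"]
    domain = address.rpartition("@")[2].lower()
    reasons = []
    if domain in ORG_DOMAINS:
        # Domain matches. A forged address would also pass here; catching
        # that needs the SPF/DKIM/DMARC results, which this check ignores.
        return display, address, reasons
    if any(word in display.lower() for word in ORG_KEYWORDS):
        kind = "free-mail" if domain in FREE_PROVIDERS else "outside"
        reasons.append(
            f"display name uses the organization's name, mailbox is at {kind} domain {domain}"
        )
    # A display name that is itself an address hides the real mailbox in
    # mail clients that show only the name.
    if "@" in display and display.strip().lower() != address.lower():
        reasons.append("display name contains a different email address")
    return display, address, reasons

# Constructed sample headers; the first one is the example from Myth 1.
SAMPLES = [
    "Douglas College Admissions <college97537@gmail.com>",
    "Douglas College Admissions <admissions@college.example>",
    "Jane Doe <jane@gmail.com>",
    '"admissions@college.example" <college97537@gmail.com>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        name, addr, why = assess_sender(header)
        verdict = "SUSPICIOUS" if why else "ok"
        print(f"{verdict:10} {name!r} <{addr}>")
        for reason in why:
            print(f"           - {reason}")
```

An ordinary personal message from a free-mail address is not flagged; only a mismatch between the claimed name and the mailbox is.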

MYTH 2: Phishing emails always contain poor grammar. FALSE. Modern phishing attempts often feature convincing language and may resemble legitimate communications.

MYTH 3: Clicking on a phishing link without providing login credentials is safe. FALSE. Clicking on malicious links can lead to malware installation, even without entering credentials. A new cyber-attack trend called "drive-by download" is on the rise. A drive-by download simply means that malicious code gets downloaded to your computer or mobile device when you click on any unsafe link, including a link from a Google search.

Recognizing Phishing Characteristics

FACT 1: Watch for emails or texts that look out of the ordinary. For example, it would not be normal for someone from Human Resources to write to you about the course registration deadline, or for a car dealership to try to sell you your course materials.

FACT 2: Do not click on links or open attachments in emails or texts from senders you do not recognize. If a topic seems particularly interesting, google it instead. Use VirusTotal to see if a site might be known to be malicious. (Note: If VirusTotal does not know of a link being malicious, that does not mean the link is safe for sure.)

FACT 3: Hover over links.  Make sure that they lead where they claim to lead before clicking on them.  Be particularly careful with links that contain bit.ly.  This link shortener is very popular with cybercriminals.  If unsure, perform a web search instead.

FACT 4: Be wary of urgent or threatening language, which could signal a phishing attempt. Verify such communications through alternate channels.

Spam is non-malicious unsolicited email. The best action to take is to delete anything that looks like spam.