We have all seen phishing messages, and possibly even clicked on a few in a moment of weakness, but what exactly is a phishing message and how can you identify one? In short, phishing messages are e-mail messages that attempt to gather your password, or direct you to a specific site where your machine can be infected by malware. These are all variations of social engineering attacks.
Gone are the days of being able to easily identify phishing messages through misspellings or bad grammar. Today’s phishing attacks are becoming more and more sophisticated and it is easy to fall prey to their tactics, so here are a few things to look for when identifying phishing messages:
1) Look closely at the ‘from’ address. Phishing attacks frequently use slight variations of the real domain name, or the name won’t match at all (such as BucknellTechDesk@SomeOtherUniversity.com or my.bucknel1.com).
2) Phishing e-mails almost always state that urgent action is required, and threaten loss of a service or some reward if you don’t act quickly.
3) These messages contain embedded links to a fake website – would you notice if a login page for MyBucknell actually went to my.bucknell.com (and not my.bucknell.edu)? Also beware of messages that may appear to have a correct link, but if you hover over the link, you will notice the web address doesn’t match.
4) If you are not sure of the validity of the message, contact the sender. If the email purports to be from your bank, call your bank to verify. You should even be suspicious of emails from your friends. If something seems off, always contact them to see if they sent the message, as their account may have been compromised. NEVER call a number or click on a link in a suspect email.
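The checks in tips 1 and 3, written as an added Python example (not part of the original post): it flags a sender or link host that imitates the real domain, and a link whose visible text names a different host than its target. The trusted domain `bucknell.edu`, the 0.8 similarity threshold, the finding codes and the sample message are assumptions made for this example.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED = "bucknell.edu"  # assumption: the only domain treated as genuine
# Simplified matcher for double-quoted hrefs; enough for this constructed sample.
ANCHOR = re.compile(r'<a\s[^>]*?href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)
HOSTLIKE = re.compile(r"[a-z0-9-]+(?:\.[a-z0-9-]+)+")

def is_trusted(host):
    return ("." + host.lower()).endswith("." + TRUSTED)

def looks_like_trusted(host):
    """True for near misses such as my.bucknel1.com or my.bucknell.com."""
    name = TRUSTED.split(".")[0]
    return not is_trusted(host) and any(
        SequenceMatcher(None, label, name).ratio() >= 0.8
        for label in host.lower().split("."))

def check_message(raw):
    """Return (code, detail) findings for the 'from' address and the links."""
    msg, findings = message_from_string(raw), []
    display, addr = parseaddr(msg["From"] or "")
    host = addr.rpartition("@")[2].lower()
    if looks_like_trusted(host):
        findings.append(("lookalike-sender", host))
    elif not is_trusted(host) and "bucknell" in (display + addr).lower():
        findings.append(("sender-mismatch", host))  # claims Bucknell, sent from elsewhere
    for href, text in ANCHOR.findall(msg.get_payload()):
        real = urlparse(href).hostname or ""      # where the link really goes
        shown = HOSTLIKE.search(text.lower())     # host named in the visible text
        if looks_like_trusted(real):
            findings.append(("lookalike-link", real))
        if shown and shown.group() != real:
            findings.append(("link-text-mismatch", f"{shown.group()} -> {real}"))
    return findings

# Constructed sample message, built from the examples in the tips above.
SAMPLE = """From: Tech Desk <BucknellTechDesk@SomeOtherUniversity.com>
Subject: Urgent: verify your account

<p>Your account will be disabled today.
<a href="http://my.bucknell.com/login">https://my.bucknell.edu/login</a></p>
"""

if __name__ == "__main__":
    print(*check_message(SAMPLE), sep="\n")
```

A similarity threshold catches single-character swaps like `bucknel1` but will also flag unrelated names that happen to be close, so findings are prompts to verify the message, not a verdict.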
If you still are unsure of the validity of an e-mail, reach out to Bucknell’s Tech Desk for assistance.
Remember: the Tech Desk will NEVER ask for your password in an e-mail.