Phishing attacks take many forms, with websites, emails and text messaging being the most common. These attacks have been on the rise since most of us started to work and study at home due to COVID-19. As of Nov 2020, Google reported just over 2 million phishing websites for that year alone! The CyberSafeTT PhishTank has some of the more common phishing website examples, and these are updated regularly.
These attacks are increasing not only in number but also in sophistication. A recent series of phishing emails was uncovered that targeted staff at a local university.
The phishing emails were made to seem to come from a credible Gmail account whose address included the full name of a staff member. To make the email more credible still, a complete signature was affixed to it, which would make an unsuspecting recipient more likely to trust that the email is real.
It would seem that scammers are taking more time to carefully scrape (copy) information from the staff profile of an organization website when creating a phishing email. This is a far cry from where phishing emails started.
Seen to the right is a replica of such an email.
There are many things in that email which have been intentionally placed to make it seem more credible. However, upon closer inspection you would realize that these are actually tell-tale signs of a Phishing scam.
- Even though the email address contains the full name of the person, you should pay attention to the numbers appended to that address. Ask yourself whether you've ever seen that person send you an email from that address before.
- Most phishing scams tend to convey a sense of urgency. If the person in question is close to you, would they send an email as an ‘urgent’ form of communication, or would they have called or sent a text instead? Also, does the writing sound like how the person would normally write an email?
- The detailed signature is indeed quite smart, but why would someone use their professional signature in a personal email? That is not something you would often notice, and this is probably the most glaring mistake of the email.
- ‘Sent from my iPhone’ may also seem to legitimize the email; however, is this something that you’ve noticed before? Do you know if the person is indeed an iPhone user?
As mentioned above, while the email does seem to have been carefully crafted, there are also some tell-tale signs that it is indeed a scam. If you do come across such an email, take the time to review. Reply to the person from an already established email or better yet, call them if you have any doubt. If the email does indeed turn out to be a Phishing scam, you should notify your IT Department so that appropriate measures can be put into place.
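For an IT department that receives such a report, the checklist above can be turned into a simple triage heuristic. The following Python sketch is an added example, not part of the original article; the organisation name, staff directory, word lists and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions (all constructed): organisation name, directory, word lists.
ORG_NAME = "Example University"
STAFF = {"Jane Doe": "jane.doe@university.example"}  # display name -> known address
FREE_MAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
URGENT = re.compile(r"\b(urgent|urgently|immediately|asap|right away)\b", re.I)

def phishing_signs(raw: str) -> list[str]:
    """Return the checklist signs found in one plain-text (non-multipart) message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.lower().rpartition("@")
    body = msg.get_payload()
    signs = []
    # A colleague's name on an address they are not known to use.
    if name in STAFF and addr.lower() != STAFF[name]:
        signs.append("unfamiliar_address")
    # Numbers appended to the name in the address.
    if re.search(r"\d+$", local):
        signs.append("appended_digits")
    # Urgent wording in the subject or body.
    if URGENT.search(f"{msg.get('Subject', '')}\n{body}"):
        signs.append("urgency")
    # Professional signature on mail sent from a personal account.
    if domain in FREE_MAIL and ORG_NAME.lower() in body.lower():
        signs.append("work_signature_on_personal_mail")
    # Device footer: compare with earlier mail from the same person.
    if "sent from my iphone" in body.lower():
        signs.append("device_footer")
    return signs

# Constructed sample messages (not real mail).
SUSPICIOUS = """\
From: Jane Doe <jane.doe1957@gmail.com>
Subject: Urgent request

Are you available? I need a favour urgently.

Jane Doe, Senior Lecturer
Example University

Sent from my iPhone
"""
LEGITIMATE = """\
From: Jane Doe <jane.doe@university.example>
Subject: Meeting notes

Notes from today are attached.

Jane Doe, Senior Lecturer
Example University
"""
if __name__ == "__main__":
    print(phishing_signs(SUSPICIOUS), phishing_signs(LEGITIMATE))
```

A message that raises several signs is a candidate for the follow-up described above (contact the person through an established channel); the signs are hints for review, not proof of a scam.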