Phishing - what is it and how to avoid getting caught

Phishing is defined by Wikipedia as an "attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication."

 

 

Every day, we face threats from individuals and organisations who are trying to steal our information, or block our access to it. While ICT Services has applied multiple layers of defence to stop phishing messages from reaching staff and students, it is not possible to stop all attacks. One of the most common approaches used to compromise your data is to send a phishing message (email or text) which tries to trick you into clicking on a web link, or opening a malicious document.

Telling the difference between real messages and phishes can be a challenge, as many fake messages are carefully crafted to look genuine. However, there are things you can look for when trying to assess if a message is real or not, and some of these are listed below. Remember, if in doubt, delete the message, or contact the sender if it's somebody you recognise, and confirm if they did send the message.

 

REMEMBER: If you believe your DIT email account has been compromised, change the password immediately, if you can, at DIT MyPassword. Then contact the DIT Service Desk as soon as possible at x3123 or via the Service Desk portal. The longer a DIT email account is misused, the more likely all DIT emails will be blocked.

 

Examples of phishing messages

The following phishing examples are intended to give a sense of how criminals are trying to gather your personal details. The ways in which they try to do this change constantly, so constant awareness of the threat they pose may be your best last line of defence.

For more information on protecting yourself and your data, check out our top tips here

 

WARNING: These are real examples of phishing emails. Do not attempt to visit the links shown below.

Example 1 - Email with drive-by phish

Example 2 - Email with phishing attachment

Example 3 - Text message with drive-by phish

 

Example 1 - Email with drive-by phish

The purpose of this type of email is to get you to click on a web link, and give away some of your personal information. Some of the things to watch out for are noted below:


1.  By using the word "URGENT" in the subject line, the sender is hoping to provoke an immediate response from the recipient, without considering the risks involved.
2.  The use of a phrase like "valued customer" is a giveaway, as you would expect a large company to know your name. However, more elaborate phishing emails will have your details if these are publicly available.
3.  Some of the wording used reads a little strangely, though correct grammar is no guarantee of legitimacy.
4.  The link suggests it will bring you to Vodafone. However, hovering your mouse over the link will show the real destination "tuckytucky", which is unlikely to have any connection with Vodafone.

 

 

The same email as above is now shown in a Google Mail window. You will see that the Vodafone logo is now displayed. By default, this is disabled in Microsoft Outlook. Also, take note of where the web address is shown when you hold the mouse pointer over the link: it appears in the bottom left corner of the window.

To change the automatic display of images within Google Mail, go to Settings -> General -> Images and select “Ask before displaying external images.” Click “Save changes” at the bottom of the screen.

 

 

Example 2 - Email with phishing attachment

 

In the example shown below, an email has arrived from a recognised sender with an attached document. However, the wording is very vague, and not what you would usually expect from that sender. In this case, the email account of the other person was compromised, and was used to send malicious emails to contacts in their address book.

If an email such as this doesn’t look right, ring the sender for confirmation that it is real. Otherwise, delete it.

Example 3 - Text message with drive-by phish

Compromise messages don’t just come via email. Be very careful if you get an unsolicited text on your phone with a web link, and a vague message offering something like a photo or other file. It could be an attempt to extract your username and password for malicious purposes.
