How to Identify a Phishing Attempt

Send Envelope

Send EnvelopeYou are the target of cybercriminals.  Often, they will setup websites that mimic our own websites in an attempt to get you to provide them with your credentials.  They then use these to log in as you to steal sensitive information, access critical systems, or even modify settings to steal your paycheck.   Often they can use your information in an effort to trick others employees to click on a link or launch a file that then gives the cybercriminal additional access into our network and servers.

You can teach yourself to recognize a scam email.

How do I identify phishing scams?

If you are unsure if an email is legitimate, ask yourself these questions before replying or clicking on a link.  Always keep in mind that NSHE personnel will never request your credentials (username and password) by email.

Look at the Header

  1. Have I given my email address to this company before?  Do I have an account with this company?  Does the sender identity match the purpose of the email?
  2. Is my email address listed as the From: address?
  3. Is the To: line addressed to “undisclosed-recipients” or a large number of recipients?

Look at the Content

  1. Does the website link look valid?  Hover over any link to see if the website matches the purpose of the email or the sender.  Make verifying web addresses a habit.
  2. Are there misspellings and typos?  How is the grammar and is the tone appropriate?
  3. Am I being promised a lot of money for little or no effort on my part?
  4. Am I being asked to provide money up front for questionable activities, a processing fee, or to pay the cost of expediting the process?
  5. Is someone asking me for my bank account number, other personal financial information or login name and password?

Think About the Email’s Purpose

Email is NOT a secure way to share sensitive information.  Legitimate businesses should not ask you for your passwords, login names, Social Security Numbers, or other personal information through email.

  1. Is the issue really as urgent as the sender makes it to be?
  2. Why does the sender request confidentiality?  How can I tell if the proposed activity is legitimate and really authentic?

The federal government provides a number of practical tips to help you identify Internet fraud and to protect your personal information.  Links will open up in a new tab.

The Federal Trade Commission offers their OnGuardOnline site.

You can also visit their Identity Theft website to learn more about identity theft and how to deter, detect, and defend against it.