...
- Check that the email address and the sender name match.
- Check if the email is authenticated.
- Hover over any links before you click on them. If the URL of the link doesn't match the description of the link, it might be leading you to a phishing site.
- Check the message headers to make sure the "from" header isn't showing an incorrect name.
Example of a phishing email
In the example below, Alex is the target of a phishing scam by an attacker who is pretending to be Ryeley. The attacker is very convincing; they've used Ryeley's real email signature and changed the sender name to Ryeley's full name. The attacker's emails are in red, and the target's emails are in blue.
Date: Wed, Mar 20, 2019 at 6:13 PM
Subject: Re[3]: Re[2]: Urgent Request
To: Alex Markessinis <alex.markessinis@sage.edu>

On Wed, Mar 20, 2019 at 5:59 PM Ryeley Kuykendall <networkadmin@my.com> wrote:

Available?

Ryeley Kuykendall, Network Administrator
Cowee Hall, Troy Campus
The Sage Colleges

--------------------------------------------

On Wed, Mar 20, 2019 at 6:02 PM Ryeley Kuykendall <networkadmin@my.com> wrote:

I'm in a meeting right now, I need you to help me complete a task right away from any nearest store around.

Thanks

Ryeley Kuykendall, Network Administrator
Cowee Hall, Troy Campus
The Sage Colleges

--------------------------------------------

On Wed, Mar 20, 2019 at 6:13 PM Ryeley Kuykendall <networkadmin@my.com> wrote:

Are you receiving my emails?

Thanks

Ryeley Kuykendall, Network Administrator
Cowee Hall, Troy Campus
The Sage Colleges

--------------------------------------------

Wednesday, 20 March 2019, 11:00 PM +0100 from Alex Markessinis <alex.markessinis@sage.edu>:

Sure? What is up?

--------------------------------------------

Wednesday, 20 March 2019, 11:03 PM +0100 from Alex Markessinis <alex.markessinis@sage.edu>:

Okay. What do you need?

--------------------------------------------

Wednesday, 20 March 2019, 11:06 PM +0100 from networkadmin@my.com <networkadmin@my.com>:

Here is what you need to do for me real quick. I need google play gift cards, can you get some at the store right now? Let me know to advise denomination to purchase. I will reimburse you all expense as soon as I'm done.

Thanks

Ryeley Kuykendall, Network Administrator
Cowee Hall, Troy Campus
The Sage Colleges
We always advocate checking the email address being used to send the email rather than just looking at the sender's name. This will help you verify whether the email is legitimate or not. In the example above, you can see the email address being used by the attacker is networkadmin@my.com. This is not a valid Sage email address, as it does not end with @sage.edu; however, the name used is the name of a Sage employee.
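The two header checks described above (sender name versus address, and whether the message is authenticated) can be automated. The following Python sketch is an added example, not part of the original article or any Sage tooling. The staff list, the `check_sender` function, the `mx.example.org` host and the authentication verdicts in the sample are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "sage.edu"  # the only valid sender domain, per the article
# Names taken from the article's example; a real list would come from a directory.
STAFF_NAMES = {"ryeley kuykendall", "alex markessinis"}


def check_sender(raw_message):
    """Return warning strings for one raw message (headers plus body)."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    warnings = []

    # Check 1: a staff member's display name on an address outside the org domain.
    if " ".join(name.lower().split()) in STAFF_NAMES and domain != ORG_DOMAIN:
        warnings.append(f"staff name on external address: {addr}")

    # Check 2: authentication verdicts recorded by the receiving server.
    # Only trust this header when your own mail server added it.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth, re.IGNORECASE)
        verdict = m.group(1).lower() if m else "missing"
        if verdict != "pass":
            warnings.append(f"{mech}={verdict}")
    return warnings


# Constructed sample modelled on the article's thread. The verdicts are invented:
# they assume the mail really was sent through my.com, so every check passes.
SPOOFED = """\
From: Ryeley Kuykendall <networkadmin@my.com>
To: Alex Markessinis <alex.markessinis@sage.edu>
Subject: Urgent Request
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=my.com; dkim=pass header.d=my.com; dmarc=pass header.from=my.com

Available?
"""

if __name__ == "__main__":
    for w in check_sender(SPOOFED):
        print("WARNING:", w)
```

The sample passes every authentication check and is still flagged, because authentication only confirms the sending domain, not that the display name belongs to that sender.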
...