OIS Security Bytes

UNC’s Office of Information Systems will be posting bite-size IT Security tips for our users (formerly Tip of the Month). As IT Security concerns become more a part of our everyday life, awareness is one of our best allies. For more information, contact your local IT Support or chat with us at help.med.unc.edu. View this security byte on phishing.

Phishing Email Brain Game: Can you spot the fake?

Example #1:

From: <MicrosoftExchange329e71ec88ae4615bbc36ab6ce41109e@ad.unc.edu>
Date: June 10, 2014 at 2:00:03 AM EDT
To: <unc_user@unc.edu>
Subject: Your mailbox is almost full.

Your mailbox is almost full.

Please reduce your mailbox size. Delete any items you don't need from your mailbox and empty your Deleted Items folder.

******************************

Example #2:

From: USER, UNC
Sent: Sunday, July 20, 2014 4:20 PM
To: unc_user@unc.edu
Subject: RE: Warning Notice

Attention

 

Your mailbox is almost full.

WARNING YOUR ACCOUNT MIGHT BE SUSPENDED

Your E-mail box has reached its maximum limit of sending mails and Your account will be disabled if you do not update now.
CLICK HERE and follow the instructions to upgrade for more sending mails space, Your account will be automatically updated.
Admin Help-desk.

******************************

Spoiler Alert: Example 1 is the legitimate email. Notice the valid MicrosoftExchange@ad.unc.edu from-address. The message is informative in nature and does not threaten to disable your account if you don’t take immediate action. It also contains no links that could lead you to trouble. 

However, it is also important to recognize the specifics in Example 2 that should alert us to a problem. 

1) The From line is not from an expected domain. For example, a message from the IRS saying that your tax form is ready should not come from an address that ends in .ru (Russia).

2) A warning of DIRE consequences and a call to action

3) Grammatical, errors And incorrect cApital letters

4) A link (all links within emails should be considered suspicious!) that, when hovered over with a mouse, shows an address unrelated to the claimed source of the email
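For mail administrators, indicators 1, 2 and 4 above can also be checked automatically. The sketch below is an added example, not code from OIS: the expected domain, the phrase list, the indicator names and the two sample messages (modeled on Examples 1 and 2, with placeholder `.example` hosts) are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

EXPECTED = ("unc.edu",)  # assumption: the domain the mail claims to come from
URGENT = re.compile(r"suspended|disabled|update now", re.I)  # illustrative phrases

class Hrefs(HTMLParser):
    """Collect the real target of every <a> tag (what hovering would show)."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def in_expected(host):
    """True only for an expected domain or a subdomain of one."""
    host = (host or "").lower()
    return any(host == d or host.endswith("." + d) for d in EXPECTED)

def phishing_indicators(raw):
    msg = message_from_string(raw)
    body = msg.get_payload()
    found = []
    sender = parseaddr(msg.get("From", ""))[1]
    if not in_expected(sender.rpartition("@")[2]):
        found.append("unexpected-from-domain")      # indicator 1
    if URGENT.search(body):
        found.append("urgent-call-to-action")       # indicator 2
    links = Hrefs()
    links.feed(body)
    if any(not in_expected(urlsplit(h).hostname) for h in links.hrefs):
        found.append("link-to-unrelated-host")      # indicator 4
    return found

# Constructed samples modeled on the two examples above; .example names are placeholders.
LEGIT = """From: <MicrosoftExchange@ad.unc.edu>
Subject: Your mailbox is almost full.

Please reduce your mailbox size. Delete any items you don't need."""

FAKE = """From: Admin Help-desk <admin@mail.example>
Subject: RE: Warning Notice

WARNING YOUR ACCOUNT MIGHT BE SUSPENDED
Your account will be disabled if you do not update now.
<a href="http://upgrade.example/login">CLICK HERE</a> to upgrade."""
```

A From header can be forged, so an empty result is not proof that a message is legitimate; the checks only surface the warning signs listed above.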

Phishing messages are sometimes a real challenge. It is always better to open a browser and directly visit a site than to click a link from within an email. If you do not expect a piece of mail (even if it claims monetary rewards, dire consequences, to be from the IRS, or information on the latest missed Amazon delivery to your home), trust your instincts and ask your local IT Support for advice BEFORE clicking on that link.

Please see the link below for more information regarding phishing emails.

http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201302_en.pdf