Technically Speaking: To click, or not to click …
Asking a few simple questions can help you identify malicious emails.
March 7, 2019
Cybercriminals are sneaky. They’re pros at creating emails that appear to be from someone you know, which makes it difficult to determine whether the message is authentic or a scam. This is one example of phishing —a social-engineering technique to lure unsuspecting email recipients into disclosing their personal, financial or other sensitive information. Access to this information allows the phisher to hack the recipient’s computer, gain access to the recipient’s email accounts and even commit identity theft.
Information Technology Services has numerous security measures in place that strengthen the University’s security profile, including Safe Links, Office 365 account protection and firewall defenses. However, these technological safeguards are only the first line of defense against phishing scams. You hold the key to protecting your confidential information and our campus network.
Whenever you receive a suspicious or unusual email, ask the following questions before proceeding:
1. Who is sending the message?
Is the email from someone you know or a company you recently contacted? If not, be suspicious! Using your cursor to hover over the sender’s email address in the “To:” field will allow you to see the email address of the actual sender.
2. What kind of information do they want?
Scammers often ask for confidential information to steal your money or identity. When in doubt, call the sender on the phone to see if this is a legitimate request for information.
3. Why would this person or organization want the requested information from me?
If you have never contacted the person or organization, it is highly unlikely that you need to respond. For example, if you haven’t done business with a person or organization, it is unlikely you would receive an invoice from them. Or, if you didn't enter a sweepstakes, it’s doubtful that you are the winner of $1 million.
4. Where do the links in the message actually go?
Luring you into clicking on a link or opening a file attachment are common tactics cybercriminals use to install malware on your computer or device. Hovering over a link in an email displays the URL the link actually goes to. Remember, when in doubt, don’t click.
5. Do they want me to react or respond immediately?
Scammers often use scare tactics to get you to respond to the message or click on a link or file attachment. Often, messages will say things like, “Your account is delinquent,” “open immediately” or “invoice attached.” Don’t fall for this type of intimidation.
6. How does the message look?
Scam emails often have spelling, grammatical and formatting errors. If you see these red flags, consider whether the message is legitimate.
If you determine that an email seems suspicious, please forward it to firstname.lastname@example.org for investigation by the ITS Security Team. If you have any questions or concerns, the ITS Helpdesk is always available to help. Feel free to call 303-352-7548 or submit a help request online at support.msudenver.edu.