With the COVID-19 pandemic and the transition to working from home and online instruction, there has been a significant increase in phishing attacks. We all get dozens, if not hundreds, of emails every day. Many of them contain links. With cyber criminals getting cleverer, it can be harder to identify phishing attempts or differentiate between safe and malicious links.
Phishing
In a phishing attack, attackers use deceptive emails to “fish for” information and lure people into falling for scams. These emails are carefully designed to trick you into revealing financial information, login credentials, or other sensitive data. Or, they may secretly install dangerous software (malware) that compromises your computer and the files on it.
Phishing emails often pressure you to act quickly, without thinking. They play upon strong emotions — such as curiosity, fear, or greed. These psychological manipulation tactics are sometimes known as “social engineering.” Examples may include:
- An email about a UPS delivery you’re not expecting
- An email warning you your account will be deleted if you don’t respond now
- An email notifying you you’ve won a prize
If the email claims to be from a company you do business with, instead of clicking the link, use a bookmark to go to the site, where you can log into your account and verify the information presented in the email. Or use a Google search to locate the company’s main webpage.
Identifying Malicious Links
If you have questions or concerns about a link in an email, you can examine it for the following 3 clues:
1. Suspicious Domains
Pay attention to the link’s domain — the website the link is actually taking you to. The address you need to evaluate is the part between the protocol (https://) and the next forward slash (/). Read that part from right to left (yes, backward!): the actual domain name is the piece just before that slash, the site’s name plus its ending (such as .edu or .com). Anything further to the left, separated by another dot, is only a subdomain. Let's check the following example:
https://www.scu.edu/is/secure
In the URL above, scu.edu is the domain name, and it’s the website you would go to if you clicked the link. The "www" part of the link is called the subdomain.
2. Subdomain Scams
A common way to make a malicious link look legitimate is to put the real site’s address in the subdomain and use the malicious site as the actual domain. If we look at a link like http://scu.edu-login.us/, it looks pretty safe, right? It appears to have the university website address in it.
But take a closer look at the actual domain. The "scu." portion of this link is a trick — it’s the subdomain of edu-login.us. Are you familiar with edu-login.us? Do you want to go there and let it capture your password, or even download malware? Probably not!
3. Hyphens and Look-alike substitutions
An easy way for hackers to manipulate you into clicking a malicious link is by making it look very similar to the legitimate link.
By inserting a hyphen into a familiar website name (for example www.my-chase.com instead of the correct www.chase.com), an attacker can fool you into visiting a malicious website. Some real websites do use hyphens, so use a search engine to verify the URL’s authenticity before you click.
Look-alike letters can fool your brain into thinking the link is taking you to a legitimate site. Common letter substitutions include using “vv” as “w”, an uppercase “I” for a lowercase “L”, or zeros instead of the letter "o". Inspect the link carefully and type the name of the site as you expect it to be into the browser window yourself.
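The three clues above can be applied mechanically before anyone clicks. The following Python checker is an added example written for this page, not a tool from the university or the author. It assumes a constructed allow-list of legitimate domains (scu.edu and chase.com are taken from the examples above) and, as a simplification, treats the last two dot-separated pieces of the hostname as the actual domain rather than consulting the Public Suffix List. It extracts the hostname, reads it right to left to find the real domain, and flags the subdomain trick, hyphen variants, and the look-alike substitutions described in the clues.

```python
from urllib.parse import urlsplit

# Constructed allow-list of domains this checker treats as legitimate.
# scu.edu and chase.com are the names used in the examples above; a real
# deployment would load the organisation's own list.
TRUSTED_DOMAINS = {"scu.edu", "chase.com"}

# Visual substitutions named in clue 3, mapped to the character they imitate.
# Uppercase "I" must be undone before lowercasing, because that is when it
# stops looking like a lowercase "l".
LOOKALIKES = [("vv", "w"), ("I", "l"), ("0", "o"), ("1", "l")]


def hostname(url: str) -> str:
    """Return the part between the protocol's '://' and the next forward slash.

    Case is preserved so the look-alike check can still see an uppercase 'I'.
    """
    if "://" not in url:
        url = "http://" + url            # bare links such as www.my-chase.com
    netloc = urlsplit(url).netloc
    netloc = netloc.rsplit("@", 1)[-1]   # drop any user@ prefix
    return netloc.split(":", 1)[0]       # drop any :port suffix


def registrable_domain(host: str) -> str:
    """Read the hostname right to left and keep the site name plus its ending.

    Simplification (assumption): the last two dot-separated pieces form the
    actual domain. Real code should consult the Public Suffix List, since
    endings such as co.uk take three pieces; two are enough for the
    .edu/.us/.com examples on this page.
    """
    labels = host.lower().split(".")
    return ".".join(labels[-2:])


def normalise_lookalikes(host: str) -> str:
    """Undo the visual substitutions so 'chase.c0m' compares as 'chase.com'."""
    for fake, real in LOOKALIKES:
        host = host.replace(fake, real)
    return host.lower()


def check_link(url: str) -> dict:
    """Apply the three clues to one link and explain any suspicion."""
    host = hostname(url)
    domain = registrable_domain(host)
    reasons = []

    if domain in TRUSTED_DOMAINS:          # clue 1: the real domain is on the list
        return {"host": host, "domain": domain, "verdict": "trusted", "reasons": reasons}

    # Clue 2: a familiar name appears somewhere in the link, but the piece
    # that decides where you go (the actual domain) is something else.
    for trusted in sorted(TRUSTED_DOMAINS):
        if trusted in host.lower():
            reasons.append(f"'{trusted}' appears in the link, but the real domain is '{domain}'")

    # Clue 3a: hyphen variant, e.g. my-chase.com built from the name 'chase'.
    second_level = domain.split(".")[0]
    if "-" in second_level:
        pieces = set(second_level.split("-"))
        for trusted in sorted(TRUSTED_DOMAINS):
            if trusted.split(".")[0] in pieces:
                reasons.append(f"hyphen variant of '{trusted}'")

    # Clue 3b: look-alike characters, e.g. a zero standing in for the letter o.
    normalised = registrable_domain(normalise_lookalikes(host))
    if normalised != domain and normalised in TRUSTED_DOMAINS:
        reasons.append(f"look-alike characters imitating '{normalised}'")

    verdict = "suspicious" if reasons else "unknown"
    return {"host": host, "domain": domain, "verdict": verdict, "reasons": reasons}


if __name__ == "__main__":
    # The first three links are the examples from the text; chase.c0m is constructed.
    for link in ["https://www.scu.edu/is/secure", "http://scu.edu-login.us/",
                 "www.my-chase.com", "https://chase.c0m/login"]:
        print(link, "->", check_link(link))
```

A link that trips none of the checks comes back as "unknown" rather than "safe": the checker can only recognise imitations of names it knows, so an unfamiliar domain still deserves the bookmark-or-search habit described earlier.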
Want to learn more? Check out this 3-minute video from Google about staying safe from phishing scams: https://www.youtube.com/watch?v=R12_y2BhKbE
Thank you for helping to keep our network safe and secure.
Kristen Dietiker
Chief Information Security Officer