Phishing Safety and Tips

Confidential information safety is a concern for all users. Our personal information is targeted by hackers and other scam artists, as a means to install malware on your computer or have you provide your information for what seems like a valid reason. Because they are good at what they do, it is often difficult to determine which attempts are legitimate and which are frauds. This guide will assist you in determining if a telephone call, e-mail/hyperlink/ or other form of communication is legitimate. If you have any doubts about the authenticity of a communication, do not click on the link, download a file, or provide any information that may be requested. Contact Dornsife Technology Services for assistance with any suspicious e-mails or other communication.

What is Phishing?

Phishing is designed, primarily, to steal money or your personal identification information through fraudulent means, such as websites that ask for you to enter personal information or by installing malware on your computer that will steal your personal identification information.

Your personal identification information includes, but is not limited to, the following items:

Credit Card Numbers
Social Security Number
Date of Birth
Address
Passwords
Other personally identifying information

Phishing generally comes to you in the form of an e-mail or a telephone call. You may receive an e-mail or phone call that appears to be legitimate, from a service or organization with which you interact regularly. Because the hackers and scam artists are very skilled, these communications look and sound authentic. However, there are a few ways in which you can determine if the communication actually is authentic.

Anatomy of a Phishing E-mail

Phishing e-mails often share common elements that make it easier for you, the intended victim, to identify them as fraudulent. Below are some tips on determining the authenticity of an e-mail communication.

Note: Legitimate e-mails may contain elements that are characteristic of phishing campaigns. The more phishing characteristics an e-mail contains, the more likely that it is a phishing e-mail. However, each e-mail reader must use their own judgment in discerning the validity of an e-mail communication.

First, phishing e-mails look legitimate. Hackers want you to trust the e-mail communication, so they do everything they can to make it look authentic. Do not judge the veracity of an e-mail based solely on its appearance. An example of a phishing e-mail is provided below.

Phishing E-mail designed to look exactly like a legitimate e-mail from Facebook

Second, phishing e-mails almost always come from suspicious e-mail addresses. Because the sender is not affiliated with a legitimate organization, the e-mail address from which the e-mail is sent is usually the first indicator that an e-mail is fraudulent. In the example provided below, the e-mail address appears to be service@paypal.co.uk, which is a real e-mail address. If you look closer, you can see that the actual e-mail address is notice@paypal26.co.uk. If you suspect that an e-mail address is fraudulent, try entering the full e-mail address in a search engine and seeing what results are returned. The e-mail address may already be listed on websites that maintain databases of phishing accounts.

Phishing e-mail from a fraudulent e-mail address with a generic greeting

Third, phishing e-mails contain a generic greeting. As shown in the image above, the phishing e-mail addresses the recipient as "dear valued PayPal member." Legitimate e-mails will address you by your first or full name. Because the hacker/scammer does not actually have your real name (in most cases), they cannot address you by anything more specific.

Fourth, a phishing e-mail will always contain a hyperlink/clickable item/file to download. Clicking on the hyperlink/clickable item/file to download is the action the hacker needs you to take in order to steal your information. Either the hyperlink will launch a phishing website that will ask you for your personal information or the hyperlink/file to download will download software onto your workstation that is designed to collect and then misuse your personal information. The hyperlink may be disguised as a file attachment, button or other clickable image. The hyperlink, like the rest of the e-mail, will appear to be legitimate. However, there is usually a way in which you can determine if the hyperlink is fraudulent.

Note: USC email servers have spam/phishing protection services, like ProofPoint, in place to help weed out URLs that are designed to steal your identity or compromise your computer. These scanning services block suspicious links from appearing in your emails. However, just because a hyperlink appears in an email you receive from or at a USC email account, that does not mean the URL is safe to click. If you have any doubt as to the legitimacy of the email, do not click any links, and contact DTS immediately.

Usually, the real URL of the hyperlink/clickable item is masked. Placing your cursor over the hyperlink/clickable item will display the actual URL. An example is shown below.

Phishing e-mail with masked hyperlink

The website that is launched by clicking on a hyperlink/clickable item is a phishing website. Like an e-mail, the phishing website will look legitimate. An example phishing website is shown below.

Example phishing website

If a phishing website has been reported as such, you may receive a warning similar to the one shown in the example above. An alternate warning is shown below. It is recommended that, if you receive this warning about a website, you do not proceed to load that website.

Example phishing website warning

Fifth, phishing e-mails generally contain a threat. The threat is designed to prompt you into taking action. Most phishing e-mails are explicit in the use of the threat. In the PayPal example above, the e-mail recipient is threatened with an account suspension if the recipient does not respond within 48 hours. In the Facebook e-mail, the recipient is threatened with not being able to use the new security features if they do not update their account information. The use of a threat is a hallmark of phishing e-mails and is an excellent indicator that an e-mail is fraudulent.

Sixth, the phishing e-mails generally contain poor grammar usage and misspellings. While hackers and scammers are concerned with the appearance of their phishing e-mails, the grammar and spelling are usually flawed. An example is provided below.

Phishing e-mail with grammar and spelling issues

In the example provided, note the irregular capitalization of every word and other grammar/spelling issues that have been highlighted. While phishing e-mails will not always contain grammar and spelling mistakes, they often do and are an excellent indicator that an e-mail is fraudulent.

Lastly, it's a good rule of thumb that legitimate, unsolicited e-mails will not contain a file attachment for you to download. The file attachment is usually a virus or malware that will collect your personal information and report it back to the hackers/scammers. There are exceptions to this rule, as your IT department or other administrative office might need to send you an executable file. However, do not download unsolicited files from non-trusted sources.

Anatomy of a Phishing Phone Call

Phishing phone calls usually occur in one of two scenarios: you are being cold-called (no previous contact between you and the hacker) or you have already downloaded malware onto your computer and the hacker has extracted your contact information.

When a phishing telephone call is placed, the hacker is attempting to obtain your credit card or other personal information. They will usually claim to represent a reputable company, like Microsoft or Apple. They will then attempt to convince you that there is a threat to your computer or to your identity and that they need your credit card information to confirm your identity or to pay to have the threat removed. The threat, however, is the phone call itself. Do not give out any personal information, and contact a trusted IT resource, such as Dornsife Technology Services, immediately.

Use these tips to help you identify phishing e-mails and avoid providing scammers/hackers with your personal information. Never forward or redistribute phishing and scam e-mails.