How to Recognize Phishing Emails and What To Do

Phishing emails are deceptive messages sent by cybercriminals to trick individuals into divulging sensitive information such as passwords, credit card numbers, or personal details. Here are some tips to help you identify and respond to phishing emails. 

How to Spot Phishing Emails:

  • Check the Sender - Verify the sender's email address. Look for misspellings or unfamiliar domains.
     
  • Urgency or Threats - Phishing emails often create a sense of urgency or threaten dire consequences if you don't act immediately.
     
  • Spelling and Grammar - Phishing emails often contain spelling and grammatical errors.
     
  • Suspicious Links - Hover over links to see the actual URL. Be cautious of URLs that don't match the sender's domain or use URL shorteners.
     
  • Attachments - Avoid opening attachments from unknown senders, as they may contain malware.

Types of Phishing Messages

There are many types of phishing messages. The following list provides the most common examples of phishing attempts:

  • Email impersonation or spoofing
    • A forgery of a message so it appears to have originated from a legitimate sender. This is a popular tactic by attackers as the recipient is more likely to open a message from a familiar source. These attacks often turn into gift card scams, where the attacker influences the individual to buy gift cards.
  • Part-Time Job Scams
    • These often target college students or alumni who may be searching for job opportunities. These scams are fake job offers that are usually too good to be true, offering high wages for little work. Be wary of any unsolicited emails with this characteristic, especially ones that send a check prior to you beginning any work. The attacker will often ask you to wire a portion of the check back to them, and you will lose that amount of money.

  • Extortion email messages
    • These threaten the recipient and demand a payment, often in the form of a cryptocurrency like Bitcoin. A popular extortion category is known as sextortion, where the attacker will claim they have malware installed on your computer that captured embarrassing photos of you. Attackers may also leverage previously breached credentials for services tied to your email address to provide a level of authenticity to their message. 
       
  • Vishing (voice phishing)
    • A type of social engineering attempt that takes place over the phone. A random number or spoofed phone number calls and the attacker attempts to collect valuable personal information by claiming they are a debt collector or other type of customer service representative.
       
  • Spear Phishing
    • These are more targeted and personalized in order to increase the chances of fooling recipients. Spear phishing attacks use publicly available information to impersonate the target's friends, relatives, coworkers, and other trusted contacts. The attacker will gather information about you through your social media accounts or through your employer's webpage.

What to Do if You Receive a Phishing Email

  • Do Not Click on Links or Download Attachments
  • Report the Email
    • Use the Barracuda Essentials tool in your Outlook toolbar. The icon will be displayed in the Microsoft Ribbon.
    • If the add-in is not available, forward the email (as an attachment) to KCCD IT Security at report-spam@kccd.edu.
  • Delete the Email