Identifying a Phishing Email
By Daniela Cooper, on 6 March 2019
I know what you’re thinking, “Oh no, not another post about phishing emails!“. I know we do tend to bang on about this subject, but we do so with very good reason. A compromise through a successful phishing campaign is still one of the easiest ways for an attacker to get in, so for this reason alone we will continue to bang on about it. Phishing emails are still SO prevalent, if we can all learn to easily identify them, then that’s a big risk of ours reduced.
The phishing email
Before Christmas we sent out a phishing email to all staff at UCL, see below for a screenshot of the email:
Tell tale signs of a phishing email
There are a few common tell tale signs that we ought to bear in mind when we read our email, the following signs relate to the phishing email screenshot above:
- The from address – ucl@systemaccess.network does not look like a real email address, let alone a legitimate UCL email address.
- The to address – in this case the ‘to’ address was correct, but often in phishing emails the ‘to’ address is something other than the recipients email address.
- Subject line – the subject line suggests a sense of urgency.
- Opening line – the email does not address the reader by name, it says ‘Dear user’. A legitimate email should address the reader by their actual name.
- Spelling mistakes – some but not all phishing emails contain spelling and grammar mistakes.
- The URL – like the from address, the URL does not look legitimate either, it’s trying to look like a UCL domain but it isn’t. Always hover over a link to see where it will take you, as it may be different to what the text says in the email.
- Overall sense of urgency – the whole email has been designed to get the reader to take action quickly without taking the time to properly think about it.
If in doubt?
Even legitimate emails can sometimes look like phishing emails, it may be a good idea to gently point this out to the author when you come across these. As always, if you are not sure whether an email is legitimate or not, before you respond or click – ask us (isg@ucl.ac.uk).