Phishing, Scams and Other Malicious email

Author:Author Chris Bayliss
Published: Posted on

Criminals are sending out millions of malicious emails every day.  Often these are trying to steal your personal details, including your banking information or your University login details.  Some might trick you into running malware on your phone, tablet, or computer.

How do I spot these?

Generally, if they look suspicious, they are.  If something feels wrong it probably is.

The emails try to do the following

  • Make you trust the email

They may pretend to be from IT Services, HR, the police, or a large company.

  • Make you panic

The email warns you of something bad that will happen if don’t act now

  • Ask you to do something odd or unexpected

This could be a link to verify your account, an invoice that needs urgent review, send money or gift vouchers.

The criminals want you to act, not think.  Stay calm, no email is so urgent it needs a response now.  You have time to think and seek advice.

Ask yourself

  • Am I expecting this message?
  • Would the sender really send such a message to me?
  • Is the message really the type of communication that you would expect from the organisation it claims to come from?

These emails come in all forms. Most are from outside the University and come in a variety of types.  They can look like unpaid invoice reminders, parking fines or tax demands; some look like OneDrive shares or Teams invitations.

The start of the video, Top tips for staying safe online gives a good summary of this advice.

Other things to look for

The content is suspicious

Unfortunately there is no simple set of rules that can be applied so here are a few  other characteristics.

  • There are often grammatical errors, odd wording or technical errors in the messages.
  • Links go to sites that are nothing to do with the organisation sending the email.
  • Link shortening services are used to hide where links really go (eg bit.ly, tinyurl.com, ow.ly).
  • The subject field does not really match the content

If in doubt, seek advice from the IT Service Desk.

The email address is not consistent with the organisation sending it

In the case of IT services examples would be email from IT services not coming from address ending in bham.ac.uk and not addresses hosted elsewhere – for example  helpdesk01@gmail.comIT@helpdesks.orgitsupport@freemail.inc.co or fcruger@barbiemail.co.uk.

Even if the address is correct, there is no guarantee that the email is genuine as addresses can be forged and sometimes compromised accounts are used to send malicious email.  However if the address looks wrong in this way you can be confident that the email is malicious.

Author: Chris Bayliss

IT Security Manager.

Leave a Reply

Your email address will not be published. Required fields are marked *