Phishing (pronounced: fishing) is an identity-theft scam that can use emails, websites, and text messages (SMS) to trick people into giving out personal and financial information, such as credit card numbers, usernames and passwords, or Social Security numbers. Cyber-criminals use this technique to gain your personal information to use for their own benefit. Phishing messages can even come from a person you know or trust, so it is important that you always read a message before you click on any links or open any attachments.

To learn more on how to protect yourself from these types of scams, please watch this brief informational video on the Microsoft Support Article "Protect yourself from phishing," which explains more about the ways to spot a phishing message.

Think you received a phishing scam? 

Trust your gut. If the message seems off, it probably is. We recommend that you delete any phishing messages that you see and do not click on any of the links in the message. If you received a message and aren't sure whether it is phishing, cross-check it with our current Phishing Examples and SMS Phishing (Smishing) Examples pages, where we post current messages that are being reported on campus.

If you don't see your message on the current example pages, you can report your message to our email security team.

More tips to avoid being scammed:

Asking you to Purchase or Give out Personal Information

If a coworker or classmate has never texted you outside of class or work before, or they are texting you from a strange phone number, this could indicate an SMS phishing attempt. If the text message is asking you to purchase something for them, such as gift cards, or to provide personal information, this is very suspicious. Do not respond to these types of messages. If you are unsure, verify whether they are legitimate by contacting the person through a trusted contact method, such as university email or phone number.

We recommend that you block any unknown number that is sending you links or asking suspicious questions.

One of the best ways to defend against deception is to take a critical look at the internet address and/or email address and evaluate it for authenticity.

Websites and the originating site of an email usually have an address based on the domain name – for example .com, .gov, or .edu. A list of common extensions is available in the article Understanding Web Site Names.

Ask yourself whether the extension matches the purpose of the site. For instance, a governmental site or email would typically end in .gov. If the domain name associated with a supposedly governmental site or message is .com, be suspicious.

Sometimes, the site's name ends in a country code (e.g. .uk, .ro, .ru or .ca). When you see this, judge whether it’s being used in the correct context. For example, would your local bank email you from Romania or direct you to a website based there? It is unlikely they would.

Even when the site name seems plausible, watch for these other red flags:

Concealed web addresses – In web pages or emails, links might say one thing and link somewhere different.

Deceptive addresses – Scammers often create deceptive web addresses that resemble legitimate ones.

Forged email addresses – In emails, the “From” address field is very easy to fake.

Beware of SMS Phishing messages sent to your email address

These will appear to come from an email address that includes a phone number and certain websites associated with wireless/text message companies, such as icloud.com, vtext.com, myvzw.com, momail.net, email.uscc.net. Example: +11234567890@myvzw.com

Deceptive links are a common trick used by scammers, both in emails and on web pages (especially advertisements). They will create a link that mimics a legitimate web address—but when you click it, it takes you to a completely different site than you expected.

An example: A phishing email sent to individuals here at the UI included the link:

www.its.uiowa.edu/webmail

Sounds legit, right? However, the underlying address was completely different, so when people clicked it they were sent to something more like this:

www.abc-bad-link.com/use/upgrade/form.html

What’s the worst that could happen if you click one of those bad links? Your computer could be infected with malware and an infected system can do just about anything, from stealing your personal information to spamming your unsuspecting contacts in an effort to infect their machines.

How can you tell if a link is deceptive?

BEFORE you click it, hover your mouse over the link. The link it actually leads to should pop up in a box or bubble (and it may even warn you of a mismatch). Look at the URLs closely to make sure they match.

Also, be cautious of any link that doesn’t clearly indicate where it leads—particularly links that say “click here” or those that do not disclose where you go when you click them, such as those provided by URL shortening services (TinyURL, Bitly, etc.).
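The hover check described above can also be done programmatically on a message body. The following is an added Python example, not part of the original article; `audit_links`, `LinkAuditor` and the finding names are hypothetical, and the sample HTML is constructed around the page's own link example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

SHORTENERS = {"tinyurl.com", "bit.ly"}   # hosts of the services named above

def host_of(text):
    """Host of a URL-like string, or None when the text is not a URL."""
    text = (text or "").strip()
    if not text or " " in text or "." not in text:
        return None                       # "click here" discloses nothing
    if "://" not in text:
        text = "http://" + text           # bare "www.example.edu/path" form
    return (urlsplit(text).hostname or "").lower() or None

class LinkAuditor(HTMLParser):
    """Pair each anchor's visible text with its href and record red flags."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        shown, target = "".join(self.text).strip(), host_of(self.href)
        shown_host = host_of(shown)
        if shown_host and target and shown_host != target:
            self.findings.append(("mismatch", shown, target))
        elif target in SHORTENERS:
            self.findings.append(("shortener", shown, target))
        elif shown_host is None:
            self.findings.append(("undisclosed", shown, target))
        self.href = None

def audit_links(html):
    auditor = LinkAuditor()
    auditor.feed(html)
    return auditor.findings

# Constructed sample message body; the first link is the page's own example.
SAMPLE = (
    '<a href="http://www.abc-bad-link.com/use/upgrade/form.html">www.its.uiowa.edu/webmail</a>'
    '<a href="https://its.uiowa.edu/">click here</a>'
    '<a href="https://bit.ly/EXAMPLE">Reset form</a>')

if __name__ == "__main__":
    for finding in audit_links(SAMPLE):
        print(finding)
```

The comparison is strict on the full host name, so a link shown as `uiowa.edu` that points to `www.uiowa.edu` is also reported and needs a human look.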

 

Scammers are good at coming up with website names that seem legitimate but take you to a site you didn’t intend to visit—often a troublesome one that could infect your computer with malware.

Their trick: include just enough recognizable words and phrases to confuse people. At first glance, when you see those familiar words, it seems real. But a closer look reveals that it’s bogus.

An example:

These email messages claim to come from ITS, and you recognize phrases like uiowa and outlook.

http: //uiowaoutlook.uiowa.edu.ru/outlook.htm

http: //216.32.44.201/outlook.htm

But, both are bogus, and here’s how you can tell. Look at the actual site name:

http: //uiowaoutlook.uiowa.edu.ru/outlook.htm

The first example includes “uiowa.edu,” but ends with “.ru”. The “.ru” indicates a site in Russia—a highly unlikely origin for a message about any UIowa account.

The second example doesn’t have the host name, just the numeric address (IP address) that underlies a host name. A URL that only includes an IP address should be treated with great suspicion.

http: //216.32.44.201/outlook.htm

One more clue

We’ll wrap up this lesson with one last tip: Watch for letter substitutions.

You might see something like service@u1owa.edu, with the number 1 used in place of the lowercase i in “uiowa.”

Or, Helpdesk @its.ui0wa.edu, with a zero rather than the letter o.
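The three clues in this section (a familiar name that is not at the end of the host, a bare IP address, and digit substitutions) can be checked mechanically. The following is an added Python example, not part of the original article; `check_host` and the flag names are hypothetical, and `uiowa.edu` is assumed to be the domain the reader expects.

```python
import ipaddress
from urllib.parse import urlsplit

TRUSTED = ["uiowa", "edu"]                  # labels of the domain readers expect
DIGIT_SWAPS = str.maketrans({"1": "i", "0": "o"})   # the two swaps shown above

def host_from(value):
    """Host of a URL or e-mail address; spaces are dropped ("http: //...")."""
    s = value.replace(" ", "")
    if "@" in s and "://" not in s:
        return s.rsplit("@", 1)[1].lower().rstrip(".")
    url = s if "://" in s else "http://" + s
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def check_host(value):
    """Return the red flags the host raises; an empty list means none of these."""
    host = host_from(value)
    try:
        ipaddress.ip_address(host)
        return ["ip-address-host"]          # no host name at all, only a number
    except ValueError:
        pass
    labels, n = host.split("."), len(TRUSTED)
    if labels[-n:] == TRUSTED:
        return []                           # the name really ends in uiowa.edu
    flags = []
    # "uiowa.edu" somewhere inside the name, but something else at the end
    if any(labels[i:i + n] == TRUSTED for i in range(len(labels) - n)):
        flags.append("trusted-name-not-at-end")
    # undo the digit swaps; if the name would then be trusted, it is a lookalike
    if host.translate(DIGIT_SWAPS).split(".")[-n:] == TRUSTED:
        flags.append("digit-substitution")
    return flags

if __name__ == "__main__":
    # The page's own examples, plus one legitimate address for contrast.
    for item in ["http: //uiowaoutlook.uiowa.edu.ru/outlook.htm",
                 "http: //216.32.44.201/outlook.htm",
                 "service@u1owa.edu", "Helpdesk @its.ui0wa.edu",
                 "www.its.uiowa.edu/webmail"]:
        print(item, check_host(item))
```

The host is compared label by label from the right, which is why a name that merely contains the text "uiowa.edu" does not pass as trusted.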

It is easy to fake what appears in the “from” or “reply-to” line of an email message. If you dig a little deeper, you can confirm the message’s true origin.

When you receive an email, the message header includes standard information, like “to,” “from,” and “subject.” But there’s also a more detailed full email header that can help you trace the message back to its original source, to see if that matches up with what the more basic message header says.

If the “from” in the message header doesn’t correspond with what you see in the full version of the email header, be suspicious of a scam.

An example

The message header in the email below indicates that the message came from Adobe. But in the full header (Part 2, below), you can see the host name, ‘mta811.email.childrensplace.com’.

Childrensplace.com is a children’s shopping website—an unlikely origin for a message from Adobe. If the email had actually come from Adobe, the “received” line would probably show that the email started its journey at adobe.com.

Also, if you scrutinize the “reply to” section of the full header, it indicates that your reply would be redirected to “support-bx9v0dvbfjbebzau60jacqc68fsb9p@ email.childrensplace.com”—not the “newsletter@ adobe-newsletter.com” address that the message appeared to come from.
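The comparison described above, between the “from” address, the “reply to” address and the first “received” host, is shown here as an added Python example that is not part of the original article. `header_findings` and the finding names are hypothetical, and the header block is constructed from the values quoted in this section, with placeholder recipient hosts, IP addresses and dates.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def domain_of(value):
    """Lower-cased domain of the address in a From/Reply-To header value."""
    addr = parseaddr(value or "")[1]
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def related(a, b):
    """True when the two names are equal or one is a subdomain of the other."""
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def header_findings(raw):
    msg = message_from_string(raw)
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    findings = []
    if reply_dom and not related(reply_dom, from_dom):
        findings.append(("reply-to-mismatch", reply_dom))
    # Each relay prepends its Received line, so the last one is the earliest hop.
    hops = msg.get_all("Received") or []
    m = re.match(r"\s*from\s+([^\s()]+)", hops[-1], re.I) if hops else None
    origin = m.group(1).lower().rstrip(".") if m else ""
    if origin and not related(origin, from_dom):
        findings.append(("origin-mismatch", origin))
    return findings

# Constructed headers: the From, Reply-To and mta811 host are the page's values;
# the recipient host, IP addresses and dates are placeholders.
SAMPLE = "\n".join([
    "Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])",
    "\tby mail.recipient.example; Thu, 01 Jun 2023 10:00:05 -0500",
    "Received: from mta811.email.childrensplace.com ([192.0.2.25])",
    "\tby mx.recipient.example; Thu, 01 Jun 2023 10:00:03 -0500",
    "From: Adobe Systems Incoporated <newsletter@adobe-newsletter.com>",
    "Reply-To: support-bx9v0dvbfjbebzau60jacqc68fsb9p@email.childrensplace.com",
    "Subject: constructed example",
    "", "body"])

if __name__ == "__main__":
    for finding in header_findings(SAMPLE):
        print(finding)
```

The earliest Received line is written by the sending side and can itself be forged, so the lines added by your own mail system are the ones to rely on when tracing a message.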

Revealing the full header

The full header is not automatically visible, but it’s easy to reveal it through your email software.

Here’s a support article on how to view or forward message headers in Outlook. This Google support article offers instructions for revealing full message headers in other email services.

Wath the speling …

Did you happen to catch the misspelling of “incorporated” in the “from” line in the example? (From: Adobe Systems Incoporated)

Spelling and grammatical errors are good indicators that an email could potentially be bad.

Article number: 3716
Last updated: June 1, 2023