How Do You Like Your Phish?

Phishing remains an ever popular way to get computer users to install malicious code or visit sites that they didn’t choose.  Many of the phishing attempts here at Swarthmore seem to fall into one of two categories:

–          Email account and/or password related
–          Government related (i.e., IRS, Federal Reserve, ACH, etc.)

It should be pretty easy to recognize the first category since Swarthmore ITS will never ask for your password in an email and will never disable your email account while actively enrolled at or employed by the college.

As for emails that appear to come from the U.S. Government, the question to ask yourself is whether the sending organization (typically spoofed) actually has your Swarthmore email address?  Also, would that organization really try to reach you by email without prior contact by you?!  I’m pretty sure the Federal Reserve Bank doesn’t maintain a list of Swarthmore email addresses!

Phishing emails typically try to elicit an immediate reaction from you (say, panic) so that you’ll click on the provided link or open the attachment without thinking.  Next time you get one of these emails, ask yourself the questions above and whether the situation makes sense.  And, if you’re still unsure, don’t hesitate to check it out with Client Services or me.

You also have a better chance of spotting faked URLs (web page links) in email if you display them as text rather than HTML.  For more on reading email as text, see this blog article.

There’s a whole page of prior phishing attempts against the community here and below are some recent phishing email Subject lines (note spelling errors):

Your Tax Return

Federal Tax Transaction Cancelled

Western Union transfer is available for withdrawl

Facebook Password Reset Email Issue

Treasury Inspector General for Tax Administration

Notice of Underreported Income

etc. , etc., etc.

Stay safe,
Nick