It's that time of year once more - barbecues, swimming pools, leisurely days by the river, and phishing. Yes, phishing. Although, for cybercriminals, any time of year is prime for phishing. Let's delve into a successful phishing attempt at the University this summer.
Recently, many students received the following email.
Let's dissect this email to identify its suspicious traits.
First, the sender's display name and email address raise questions. Do you know this person? Is there a prior connection? Did you solicit the contact? The email comes from a .edu address, but not the University of Virginia. That's suspicious.
Another red flag is the missing greeting. The sender doesn't address the recipient by name, a tactic commonly used by cybercriminals. While they can sometimes use specific names, the absence of personalization is a warning sign.
The sender pretends to be a University resource to build trust and familiarity.
Cybercriminals often use contests, prizes, or tempting offers to lure individuals into revealing personal information.
Next, let's examine the hyperlink. Often, there will be a link or button in the email. Hovering over it reveals the URL. Another red flag is a link to a survey or form that requests additional personal or financial details. indicating a potential threat. Never enter sensitive information into a form or survey.
Lastly, be cautious of emails from unidentified senders. A lack of contact information or a recognizable person could indicate a suspicious email.
It's essential to approach all email correspondence carefully, especially regarding financial matters. Just as we wouldn't share our bank details with a stranger on the street, it's crucial to avoid divulging information in response to unsolicited emails. To confirm that an offer is real, reach out using a trusted, verified number or contact. Follow these guidelines to ensure your digital safety this summer.
June 2024, ec