Lately, we have seen an increase in the number of spoofed emails, a form of phishing/spam email. To avoid getting hacked, verify that email addresses are authentic before responding.
Email spoofing is the forgery of an email so that the message appears to have originated from someone or somewhere other than the actual source.
Below is a real spoofing email one of our UC ANR employees received. We have replaced the From and To names, which were real UC ANR employee names. However, this was not sent by the person whose name appeared in the From section.
Sometimes it is obvious as the email of the sender, From email, is not hidden. Sometimes it is hidden and all you see is the name, which might be your supervisor, manager, director or VP.
The goal here is to have the employee (You) respond to the email, which doesn't have a link or attachment. So, it can't be a phishing/spam email, right? WRONG. Either a link or attachment would be provided once you respond.
Please be aware of these types of emails. If you have any concerns, or something doesn't make sense, follow the best practices:
- Try to reach out to the person directly via their known office phone
- Send a NEW email to his/her known email address asking for clarification
- Inform the IT team, via email@example.com.
- Never reply to the email you have received
- Never click on a link
- Never click or double click on an attachment
- Take a snapshot of the email using Windows built-in Snipping Tool rather than forwarding the email to someone else
Sent: Monday, December 10, 2018 10:26 AM
Subject: Urgent Request
Are you available for a quick task?
Sent from my iPhone
P.S. Thanks to our ongoing Phishing Awareness Campaigns, our employee did the right thing and sent a new email asking for clarification and notified the IT team.
Chief Information Security Officer
View or leave comments for ANR Leadership at http://ucanr.edu/sites/ANRUpdate/Comments.
This announcement is also posted and archived on the ANR Update pages.