ANR Employees
University of California
ANR Employees

How to spot a phishing email

Don't give cybercriminals access to your data. Beware of phishing emails. Image by Mohamed Hassan from Pixabay

Phishing emails are the most common way cybercriminals attempt to gain access to an organization's systems. Spam filters will catch many of these emails, but your trained eye can easily spot the rest. Here are some tips to help you spot a phishing email and keep ANR safe from malicious actors.

Below is a suspicious email received by an ANR employee this week. The employee noticed the email seemed off and sent it to IT.  Great job at spotting the phish!

Blank subject line and poor spelling and grammar make this email suspicious.
  1. Check the sender 

This may be a legitimate UC Davis email account, but it seems weird that a random person at UC Davis would send notification of an Office 365 termination to an ANR employee. If there was an issue with an Office 365 account, notification would likely come from ANR's IT – not directly from UC Davis. Additionally, if the email sender is someone you don't know and don't normally communicate with, keep your guard up.

  1. Subject line

In our example above, the subject line is blank.  For an email notifying someone of account termination, there should be a formal subject line. This is a red flag.

  1. Poorly written

You can often tell if an email is a scam if it contains poor spelling and grammar.

A notification of account termination would be formal and checked for spelling errors and poor grammar. Informal emails on serious subjects containing awkward grammar and misspelled words are likely phishing attempts.

  1. Suspicious links

Whenever a link is sent in an email, use your mouse to hover over the link to see where it really leads.  If a hyperlink address does not match the address text, it is most certainly a phishing attempt.

In this example, the hyperlink is going to a Google Doc Form – not a URL you would normally use to log into Office 365.

Use these tips to help identify phishing emails. When in doubt – don't click a link in an email, reach out to IT or your unit director for verification of an email's legitimacy.  

Posted on Tuesday, December 20, 2022 at 2:44 PM
  • Author: Jaki Hsieh Wojan, Chief Information Security Officer
Tags: cybersecurity (12), December 2022 (10)

No Comments Posted.

Login to leave a comment.

Read more

 
E-mail
 
Webmaster Email: lforbes@ucanr.edu