Identifying Spam and Phishing Attempts

It can sometimes be difficult to determine the legitimacy of an email. Here are some tips to help you identify whether or not an e-mail is spam. 

There is one very important to remember when determining if an email is Spam:

• The Office of Information Technology will never ask for your password. 

The only person that should know your password is you. You should never tell your password to anyone. Additionally, you should only log into a website with your NetID if the website address is at unr.edu.

Below is an example of a potential Spam email:

From: System Administrator [support@helpdesk.com]
Sent: Thursday, May 02, 2010 14:17
Subject: Email Account Upgrade

Dear Email User,

This email is to inform you that we are upgrading our system webmail and every email users are required to fill and summit their information in the secure link provided below:

http://f8g3kr.u76.ru

There have been several phishing attempts and attacks and we have built a more reliable software, antivirus, filter to blocked and automatically delete every phishing emails before it reaches your email account.

Failure to click this link and upgrade your account before it expires may result in loss of important information in your mailbox/or cause limited access to it for 3weeks.

Thanks,
Helpdesk

Things to Look for When Spotting Spam Messages

Does the email make logical sense?

OIT is here to serve your needs. We have ultimate control over the infrastructure and accounts in use on the University network. Therefore, it makes no sense that we would need you to log into your account before we upgrade a system. Our network controllers (of which we deliberately have very few) have administrative rights over the network - they do not need to know your password to make any changes.

Additionally, OIT gets informed of the admissions and exits of all students and employees via the databases controlled by HR and Student Services. This is how we know whether to deactivate an account or not. Your account will not expire while you are still an active member of the University. Even if you don't log into your e-mail account for many years, as long as you are affiliated to the University, your e-mail address will remain active.

Who is the email from?

Looking at the "From" address of an e-mail can often tell you if it is legitimate or not. The University will only send users an e-mail from an @unr.edu email address. It is possible to spoof the from address so that it appears to come from somewhere else. Therefore, this tell-tale sign should not be the only method used to decide whether something is legitimate or not.

Do the links look legitimate?

Many Spam emails will ask you to click on a link within the email. It is important to look and see where the link is going to take you. The one in the example e-mail is obviously suspicious - there is no way that the University would want you to access a website hosted on a Russian (.ru) server. Again, these links can be obviously spoofed:

https://www.unr.edu

Hovering your mouse over the link will tell you where you are really being directed. If the two do not match, do not click on it. If in doubt, do not click on the link - it is one of the biggest causes of malware on a computer.

Check the spelling and grammar

Technicians in OIT are not known for their ability to write eloquent prose. As a result, any e-mails we plan on sending to a large number of people are routinely checked by multiple members of the department before the public sees them. As a result, we can be fairly confident that the spelling and grammar of these e-mails is quite good. The example e-mail above clearly has terrible spelling ("relible") and grammar ("summit their information"), and should be seen as instantly suspicious.

Is the email overly generic?

The final area to look at is the overall feel of the e-mail. Phishing e-mails are written to be read by many thousands of people. Therefore, they rarely contain any specific information. The example email above does not mention the University, the type of e-mail system in use (Exchange), and is signed using only the name "Helpdesk". An e-mail sent by the University IT department will always have a specific signature, with a name and phone number so that you can call to check the legitimacy of the information.