Don't Be Fooled By Phisher Scams

What is phishing?

Phisher scams attempt to trick people into providing passwords or other sensitive information by imitating legitimate websites and legitimate email messages. Phishing attempts have become increasingly prevalent and more targeted. IMSS is implementing new email security measures to counter these attacks. You can help protect yourself and your coworkers by knowing how to recognize a scam.

An obvious phish

Most people will easily recognize this example as a fake. Nevertheless, these continue to proliferate because scammers can count on that one distracted, busy, or inattentive user out of many thousands to fall for it. Don't be that one!

slow performance phish

Pay attention to the sender and the subject

Phishing messages can come from a fake sender address or from a stolen account, so an @caltech.edu sender address does not mean the message is safe. However, this particular message purported to be official institute IT business, yet came from an outside [stolen] email account (we've changed the email address in the sample image for that person's privacy). Additionally, these types of scams commonly use capitalized subject lines with urgent language to attempt to scare victims into acting quickly, without thinking.

Poor spelling and grammar should raise a red flag

While you may encounter legitimate messages with mistakes, and a scam message could be very well written, it's quite common that these kinds of scams are riddled with spelling mistakes and poor grammar. 

Recognize and avoid deceptive web links

Similar to how the text portion of a link can say "click here" while the destination is a web site address, the link text in this case is crafted to appear to be an official support/helpdesk link, but that is actually only the text portion. The link revealed when hovering over that text is completely different. Be wary when the link text does not match the actual destination for a link, and be especially wary when the link destination is not a website you recognize.

Be particularly wary of a questionable or even ridiculous call to action

Perhaps the most blatantly obvious indicator that this is not a legitimate message is the assertion that "you need to log on service desk tickets to help fasten our investigating". The scammers are counting on users simply ignoring the message and going straight to the link. Slow down: if you don't know why you're being asked to log in, don't do it. Better yet, avoid logging in using links sent to you via email. Where possible, log in using a bookmark or navigate to the site via your web browser (for example, by going to the access.caltech web portal).

A more convincing example

This second example successfully tricked a number of users into providing their login and password to scammers.

docusign phish

An @caltech.edu sender address does not mean the message is safe

Phishing scams commonly use spoofed sender addresses or stolen email accounts to make the message appear legitimate. Just because a message says it is from an "@caltech.edu" email address does not mean it actually was sent by a Caltech user. In this example, a Caltech user was tricked by a phishing scam, and that person's email account was hijacked to send out more phishing messages (we've changed the email address in the sample image for that person's privacy).

Pay close attention to where a link is taking you

Before clicking a link in an email, hover your mouse over that link and look at the destination web site address. On a mobile device, you can press and hold a link in order to see where it goes.

Web URLs are read left to right. The name of the site you'll be connecting to is the part between the http:// and the next / in the URL. The parts after that have to do with which page or function you'll be accessing on the site. In the example above, the site you would be connecting to is named "gustshow.com" -- nothing to do with Caltech, with Microsoft, or with Office365, and definitely nothing to do with Docusign.

A legitimate Docusign message would have linked to the official website for Docusign (e.g. https://www.docusign.com). Phishing messages often take advantage of hacked websites or free survey form sites to create an imitation "log in" form for collecting passwords from victims. Even after clicking a link, double check the address bar in your web browser to make sure you ended up where you expected.
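Reading the site name out of a URL the way the paragraphs above describe, and comparing it with the link text and the sites you expect, can be done in a few lines when reviewing a suspicious message. The following is an added Python example, not part of the IMSS page; the sample links and the list of expected domains are constructed for illustration and are not taken from the real phishing messages.

```python
from urllib.parse import urlsplit

# Constructed sample (link text, destination) pairs modelled on the patterns
# described above: official-looking text over an unrelated destination host.
SAMPLE_LINKS = [
    ("https://www.docusign.com/", "https://www.docusign.com/signing/abc"),
    ("https://office365.caltech.edu/login", "http://gustshow.com/office365/login.php"),
    ("Review Document", "https://docusign.com.example-survey.test/form"),
    ("help.caltech.edu", "https://help.caltech.edu/tickets/new"),
]

# Assumed list of sites the reader expects to see; adjust for your own use.
TRUSTED_DOMAINS = ("caltech.edu", "docusign.com")


def host_of(url: str) -> str:
    """Return the lower-cased site name: the part between scheme:// and the next /."""
    if "://" not in url:
        url = "https://" + url  # bare hostnames in link text get a scheme
    return (urlsplit(url).hostname or "").lower()


def belongs_to(host: str, domain: str) -> bool:
    """True if host is domain or a subdomain of it, matched label by label.

    A plain substring check would wrongly accept docusign.com.example-survey.test.
    """
    return host == domain or host.endswith("." + domain)


def assess_link(text: str, href: str, trusted=TRUSTED_DOMAINS) -> list:
    """Return the reasons a link looks deceptive (empty list means nothing found)."""
    dest = host_of(href)
    # Only treat the link text as a site name if it looks like one (no spaces, has a dot).
    shown = host_of(text) if ("." in text and " " not in text) else None
    reasons = []
    if shown and shown != dest:
        reasons.append(f"link text names {shown} but destination is {dest}")
    if not any(belongs_to(dest, d) for d in trusted):
        reasons.append(f"destination {dest} is not a recognised site")
    return reasons


if __name__ == "__main__":
    for text, href in SAMPLE_LINKS:
        problems = assess_link(text, href)
        print("SUSPICIOUS" if problems else "ok", href, "; ".join(problems))
```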

Consider who is sending you the message and why

Were you expecting to receive a document you need to sign? Do you recognize the sender appearing on this message? These scams are becoming more common. If you're not sure, verify before clicking!


When in doubt, please ask

If you receive an email message that looks suspicious or questionable, you are always welcome to contact IMSS for assistance. The Help Desk can be reached at x3500, or you can contact IMSS by opening a Help ticket at https://help.caltech.edu. You can also contact Information Security directly by opening a Help ticket or by emailing security at caltech.edu. More information about contacting IMSS can be found here. We are here to help you.