Click here to access the full PDF version with screenshots.
Outlook Tips and Tricks: How to Identify a Phishing Email
Don’t Trust the Display Name
A display name can be spoofed (faked). Do not trust the display name just because it is a colleague or company you may be familiar with. Look at the email address and verify where this information came from.
The example below claims to be from William Jhung. The email came from a Gmail account. NIC Faculty and Staff would not receive an NIC Official Communication from a Gmail account.
Misleading Domain Name
A display name may look correct, but the domain part of the email address (for example, “@nic.edu” or “@gmail.com”) might be incorrect. If the domain part of the email address is not from the organization that the sender is claiming to be from or is an email that anybody can sign up for (like Gmail or Hotmail), this is a good indicator of a phishing scam. Remember that this isn’t a foolproof way of verifying that the sender is authentic. Legitimate accounts can be hacked and senders can spoof emails to appear legitimate. However, it is one extra way to avoid being tricked. If you do not see the email address, try clicking on “Reply” in Outlook to see this information and discard the draft once you have seen the sender’s email address.
This example claims to be from the “I-T helpdesk” but comes from @telus.net. Telus is the domain that the email came from. It did not come from @nic.edu. Communications from the NIC IT Help Desk will come from the NIC domain.
The next example claims to be from “Microsoft Nic Outlook”. The domain is exchangepro.com with some subdomain information. The domain that really matters when trying to verify authenticity is the very last domain after the @ symbol, which is “exchangepro.com” in this case. Although Microsoft Exchange is a Microsoft product and this domain has the word “exchange”, exchangepro.com is not a valid domain for Microsoft or NIC.
URLs: Look, Don’t Click
If you see URLs or image links within the message, you can use your mouse to hover over the URL or image, but do not click on it. You will see a pop up that shows you where this link will direct you. As an example, in the image below I am hovering over a URL claiming to be for https://login.microsoftonline.com but it actually directs to nic.edu.
In the example below, I hovered over “Verify account” and it shows a link to easybuyonline.com. This is not a Microsoft or NIC site that you would access to verify your account.
Don’t Click on Attachments
Attachments can contain viruses, malware and spyware that can damage files on your PC and steal your personal information. Do not open attachments that you were not expecting. Forwarding emails like this to additional people can cause more harm than good. It may cause other people to inadvertently click on the attachment and cause even more problems. If you are not sure if it is legitimate, please forward this to helpdesk@nic.edu for proper review and we will get back to you.
Check for Poor Spelling and/or Grammar
Usually, there is a review process for mass communications that are sent out. Although some minor mistakes may occur, a message riddled with poor spelling and grammar is a good indicator of spam and/or phishing.
Review the Signature
If there is no signature after the email message, it has a higher probability of being a phishing scam. Please keep in mind, our NIC Directory is public and it is easy to fake a signature. Having a signature does not automatically mean it is legitimate.
Emails Asking for Personal Information: You Didn’t Initiate the Action
A significant number of emails may look legitimate; however, be on high alert if it is asking you for personal information. A reputable company would not ask you for your personal information, such as a username/password, credit card number or to answer security questions by email. If you are unsure that the message is legitimate and it is from a sender you have a professional relationship with, you can contact the company through its normal channels to verify. This might be through its website or through the phone numbers of your existing contacts at that organization. When you are trying to verify, don’t reply to the email or call the phone numbers that the message contains.
The Message is Designed to Make you Panic
It is a common tactic to use fear to invoke an immediate response. When you receive emails that claim your account has been suspended or there was an unauthorized login attempt, you should verify that you are being directed to the correct place. It is likely a phishing scam attempting to get you to login to a malicious site—one that may look legitimate—to obtain your username/password. Rather than clicking the link, you can go directly to the organization’s website (like nic.edu) to verify your login information. If you are not sure if this is valid, please forward this to helpdesk@nic.edu.
The example below claims to be from an “Nic trusted source” and that not responding will result in an “Nic Violation”. This does not take you to an NIC or Microsoft site to verify your account.
Matter of Urgency
Emails indicating a matter of urgency, or asking if you are available, have a higher possibility of being a phishing scam. Please look at the from email address, hover over any links it is asking you to click on and/or forward it to helpdesk@nic.edu to verify if it is legitimate.
The example below indicates an account will be disabled within 24 hours if you do not sign in to cancel termination. The link does not take you to a Microsoft or NIC site, the email did not come from the NIC IT Help Desk or NIC IT Department, there is no NIC signature and it is branded for Microsoft, not NIC.
Wrap up
Phishing scams are becoming more prevalent every day. Our first line of defense is you. You may ask what IT is doing to try and protect your account. Here are some things we are currently doing, implementing, and that are coming.
Multi-factor authentication with Duo
- Duo couples something that you know, such as your username and password, with something that you have, such as your mobile device. This way, if someone gets a hold of your username/password and tries to login to your account, you will receive a notification on your mobile device regarding the attempted access and you can deny it. This prevents the fraudster from accessing your account. To enroll early or ask questions, contact the IT Help Desk at helpdesk@nic.edu.
Security Awareness Training
- NIC Information Technology launched a security awareness training program for all employees though KnowBe4. This self-paced course is designed to provide general security awareness training via a series of short videos. Topics include social networking, email phishing, creating strong passwords, data security, and much more. FERPA training is incorporated in this self-paced course. The training is mandatory for all NIC employees.
Reviewing Tickets, Emails, and Looking for Trends
- If you are not sure if an email is legitimate or not, you can always email the IT Help Desk at helpdesk@nic.edu and we will review the email and follow up with you.
Please keep in mind, this is not an all-encompassing list of what we do from a security standpoint. We have various security appliances, malware monitoring tools, and filters in place to try and block malicious traffic, however, nothing is ever 100% and we are always working on ways to improve security.