The Phish Commish Says: That Link Might Stink

With all the email we get, it’s no wonder we skim our messages, scanning for the meaningful bits. Hyperlinks jump out as something actionable, often presenting commands like “Log in to Your Account” or “Check the Status of Your Package”. Even without imperatives, underlined, blue text just beckons us to click and obey: See link. Click link. Buttons are enticing too: Nice button. Click button. Habit. That’s where it gets you.

Red button that says click here! and points to a Rick Roll

As we’ve learned, not all links deliver what they promise. In fact, a link can stink:

  • By hiding a malicious download that infects your computer with malware, spyware or ransomware
  • By taking you to a simulated website, like your bank, where you log in and the bad guys capture your credentials or account information

It’s not always clear where a link is leading you. Look for these red flags:

1) I hover my mouse over a hyperlink that’s displayed in the email message, but the link-to address is for a different website. 2) I received an email that only has long hyperlinks with no further information, and the rest of the email is blank. 3) I received an email with a hyperlink that is a misspelling of a known website. For instance, www.bankofarnerica.com -- the “m” is really two characters -- “r” and “n.”

If a link doesn’t pass the sniff test, dump the email and have another Peep.

Image of a Peeps candy with a caption that reads in French 'this is not a peep'

March Training Recap
Last month, the phishing training email from “CEO” only tripped up 1% of us - not bad at all! Here are the red flags you likely noticed when it arrived:

SUBJECT: 1) “Important Request” -- This is a suspicious subject line because it emphasizes urgency. The IRS says this is one of the most common subject lines in tax-related phishing emails. SENDER: 2) “CEO@udayton.edu” -- There is no “CEO” per se in our institution. This is a give-away that the actual sender does not know UD and is faking an identity. REPLY TO: 3) If you started a reply to the email, you would have seen that the return address is different: CEO@udayton-edu.org This address is suspicious because it does not match the From address and because its format is unusual. True UD email addresses only use “@udayton.edu” and “@udri.udayton.edu”. LINKS: 4) If you hovered on the link in the message, you would have seen that it goes to a non-UD, non-https URL that suggests a login page will result -- all signs of a possibly dangerous link: http://employeeportal.net-login.com/XcmVDjaXBpZ...

Previous Post

Keeping Apple Devices Virus Free

Learn how to keep malicious apps and viruses off your Apple devices.

Read More
Next Post

Scam of the Month: Tech Support Sabotage

Find out how to detect tech support scams.

Read More