Detecting scams


What is Phishing?

Phishing is a form of social engineering. Phishing attacks use email or malicious websites to solicit personal information by posing as a trustworthy organisation. An attacker may send an email seemingly from a reputable organisation (e.g. UCC, An Post, iTunes) requesting account information or suggesting there is a problem. They then use the requested information to gain access to your account or network.

  • Be SUSPICIOUS of emails that ask for personal or company information
  • NEVER send your password or personal information in response to an email 
  • Do NOT click on links in an email that you are suspicious of 
  • If you are unsure whether the email is legitimate, contact the company directly to verify it
  • NEVER open attachments of suspect emails
  • Delete the email

See the worked example below

Tips for detecting email scams

Scammers sometimes use words, phrases, and terminology that are obviously wrong for the subject-matter. They also often use bad grammar and spelling. This is sometimes intentional, designed to act as a red flag to the wary user that this really is a scam (aimed at the unwary), and that the wary can safely delete it.

By contrast, the design of scam emails is often very sophisticated, using the right logos, colours, and layout for the organisation they are trying to masquerade as.

There is a useful list of links to pages about security, safety, and social engineering (phishing) on our Stay Safe Online page.

When you receive an unexpected email, read it carefully, as it will usually contain one or more of the following warning signs. Remember that a genuine message from UCC IT Services will NEVER ask for your login details in an email.

Who's it from?
  • Is it from someone you know (or at least recognise)?
  • Is it about something in their area of responsibility?
  • Is their actual email address (not their name) genuine?
What's it about?
  • Does the subject use conventional words and phrases?
  • Does the subject start with "Re:" or "Fwd" even though you have never received the original?
  • Is the subject literate and comprehensible?
  • Is it written in an appropriate tone of voice?
  • Are there exclamation marks in the subject?
Is it literate? — this is a university, where common literacy is expected: scammers know this, and deliberately use bad grammar and misspellings as a signal to the literate that this is a scam they can safely ignore — the people the scammers are trying to trap are the semi-literate who will not spot the deliberate mistakes!
  • Do the sentences omit verbs, articles, or prepositions?
  • Is the text inconsistently punctuated or capitalised?
  • Does it make sense?
  • Is there an implicit threat if you don't do something?
Links
  • Does the message contain a link that they ask you to click on?
  • Hover on the link without clicking it, and carefully check the URL (web address) displayed in a floating window or at the bottom of your screen — is it a link to a non-UCC address?
Signature
  • Is it signed by the same person as the Sender or From address?
  • Is it signed by someone or some office outside UCC?
  • A message from UCC IT Services will not contain any company copyright notices

All these are classical warnings that the message is a scam and should be deleted immediately.

Worked example of scam detection

  1. It starts with the headers — first, who sent it:

    From: Sucher, Theresa L <Theresa.L.Sucher@ehi.com>
    

    Why would you be getting a message from someone at the holding company that owns Enterprise, Alamo, and National car rentals? It isn't from them, of course: the scammer has just faked the address.

    From: Colleague, Current <someoneyouknow@ucc.ie>
    

    If it's a UCC address, is it really likely that this person would be emailing you, especially about IT Services subjects like email updates, changing password, rejected email, or imminent closure of your account (something we don't do)? Many scams use on-campus addresses that are likely to allay your fears.

  2. Then what it's about:

    Subject: RE: Help Desk Alert.
    

    If you didn't get a preceding message with the Subject "Help Desk Alert" then there is no good reason why you should suddenly get one with a "RE:" prefix. Capitalising the "Alert" is also a warning that this came from a foreign source unfamiliar with English.

  3. And then who it's sent to:

    To: Sucher, Theresa L <Theresa.L.Sucher@ehi.com>
    

    If the email is really to you, why does it say that it's going to the same person that claims to have sent it?

    If it says it was sent by a mailing list, is it likely that a genuine email about IT would be sent to that list?

  4. Does the rest of the header make sense?

    Check the date: is it really likely that we would be sending messages at 3.00am?

    Why would a message FROM the sender TO the sender be quoted as if it had been forwarded? Especially since the Subject starts with "RE:", not "FWD:"

  5. Now we look at the text body:

    Dear Email User,
    

    We don't address our users in this manner. At least, I hope not. 

  6. How does it read?

    Your password Will Expire In The Next TWO {2} Days
    

    The real giveaway is that the message is barely literate. Misspelling, mispunctuation, and illiteracy are used as signals by phishers and other scammers to literate recipients that they may safely ignore this message — it's really targeted at the semi-literate population who won't notice the mistakes and will swallow the bait whole.

  7. Does it use unusual phrasing?

    Current Faculty
    

    We don't use the US term "faculty" to mean "academic staff".

  8. Are there enticing-looking links?

                    and Staff Should Please Log On To IT
    WEBSITE http://scdsfcsd.form2pay.com/172356.html
    

    We are ucc.ie, not form2pay.com so this is clearly bogus.

  9. Is there an implicit or explicit threat?

    To Validate Your E-mail Address And Password,Or Your E-mail Address 
    Will Be Deactivated.Thank You.
    

    We don't threaten users. More capitalisation, too.

  10. Who's it signed by?

    ITS help desk
    ADMIN TEAM
    

    We don't have this designation.

  11. Is there a faulty attribution?

    ©Copyright 2015 Microsoft All Right Reserved.
    

    We do not add copyright statements to email messages, least of all when it's not relevant.

  12. Signatures:

    CONFIDENTIALITY NOTICE: This e-mail and any files transmitted with it 
    are intended solely for the use of the individual or entity to whom 
    they are addressed and may contain confidential and privileged 
    information protected by law. If you received this e-mail in error, 
    any review, use, dissemination, distribution, or copying of the e-mail 
    is strictly prohibited. Please notify the sender immediately by return 
    e-mail and delete all copies from your system.
    

    Bogus disclaimers are an indication of novice users, as well as of scammers trying to look as if they know what they are doing.
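
The header and link checks from the worked example, written as a small Python filter (an added illustration, not UCC's own tooling). The sample message is constructed from the fragments quoted above with an invented Date; the check names, the before-6am cut-off, and treating a missing In-Reply-To header as "you never received the original" are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime
from urllib.parse import urlsplit

ORG_DOMAIN = "ucc.ie"  # the organisation's own domain, as stated on this page

# Constructed sample: fragments quoted in the worked example, joined into one
# message. The Date value is invented to match the "3.00am" remark.
SAMPLE = """\
From: "Sucher, Theresa L" <Theresa.L.Sucher@ehi.com>
To: "Sucher, Theresa L" <Theresa.L.Sucher@ehi.com>
Subject: RE: Help Desk Alert.
Date: Tue, 03 Mar 2015 03:00:12 +0000

Dear Email User,
Your password Will Expire In The Next TWO {2} Days Current Faculty
and Staff Should Please Log On To IT
WEBSITE http://scdsfcsd.form2pay.com/172356.html
To Validate Your E-mail Address And Password,Or Your E-mail Address
Will Be Deactivated.Thank You.
"""

def in_org(host):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == ORG_DOMAIN or host.endswith("." + ORG_DOMAIN)

def warning_signs(raw):
    msg = message_from_string(raw)
    signs = []
    sender = parseaddr(msg.get("From", ""))[1].lower()  # address, not display name
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    if sender and not in_org(sender.rpartition("@")[2]):
        signs.append("sender-outside-org")
    if sender and sender == rcpt:                        # step 3: sent to itself
        signs.append("to-equals-from")
    subject = msg.get("Subject", "")
    if re.match(r"(?i)\s*re:", subject) and not msg.get("In-Reply-To"):
        signs.append("reply-prefix-without-thread")      # step 2 (heuristic)
    if msg.get("Date") and parsedate_to_datetime(msg["Date"]).hour < 6:
        signs.append("sent-in-small-hours")              # step 4 (assumed cut-off)
    body = msg.get_payload()
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        host = urlsplit(url).hostname
        if not in_org(host):                             # step 8: compare the host
            signs.append(f"link-outside-org:{host}")
    if re.search(r"(?i)\b(deactivated|suspended|closed)\b", body):
        signs.append("threat-language")                  # step 9 (assumed word list)
    return signs
```

Comparing the parsed hostname, rather than searching the URL for the string "ucc.ie", is what stops a look-alike such as a ucc.ie prefix on someone else's domain from passing the link check.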

IT Services Department

Room 3.34, 4th floor, Main Campus, Science Building (Kane), College Road, T12 YN60
