Question: How can you tell a genuine snap e-mail from a fake?
Answer: With difficulty!
It is not unknown for phishing e-mails to circulate within the University of Aberdeen. Phishing is where an illegitimate party asks for your personal information via e-mail. This information can then be used to send on further phishing e-mails, empty your bank account or spread viruses masquerading as you.
General information & advice
As the number of phishing attacks has increased, some individuals at the University of Aberdeen have been responding. This has resulted in a number of network service failures as other organisations have blacklisted the University of Aberdeen believing it to be a security threat.
It is essential that you do not respond to any e-mails that ask for personal data unless you are in direct contact with a trusted individual.
We realise that knowing who to trust is becoming more difficult. For this reason, the following guide provides information on how to tell a phishing e-mail from a genuine one. However, the safest advice is not to respond to any e-mails asking for personal data.
You can also view a sample snap survey request to help you distinguish a genuine e-mail from a fake. Note that you may be asked to log in.
How to test for a phishing e-mail
- Does the e-mail ask for personal details?
- Is it your e-mail address in the To: field?
- Do you recognise the address in the From field?
- Is the address in the From field realistic?
- Does your name appear in the message content?
- Have you really used your university e-mail address for your internet banking?
- Is the message in html format?
- Is the message grammatically correct?
- Does the signature correspond to the e-mail address?
- Where do the links take you to?
- What does the subject line say?
Does the e-mail ask for personal details?
This is the first major alarm bell. Any e-mail that asks for personal information or links to an area where you can “update your information” should be considered high risk.
Is it your e-mail address in the To: field?
Check the To field at the top of the e-mail. If the e-mail isn’t addressed to you or the To field is blank, don’t proceed any further!
Do you recognise the address in the From field?
Check the From field at the top of the e-mail. Many phishing and SPAM e-mails are forwarded using other people’s compromised accounts. If you don’t recognise the sender’s e-mail address, be wary!
Is the address in the From field realistic?
Many phishing and SPAM e-mails are sent from obscure e-mail addresses (e.g. firstname.lastname@example.org). If the From field contains an address like this, the chances are that the e-mail is high risk.
Does your name appear in the message content?
Recent phishing attacks have used the person’s name in the content, making them look convincing. However, the format of the name can provide information. Are there any strange characters? If there are, be suspicious. Does your name appear exactly as it does in your e-mail address? If so, it may have been copied from it. Most sites that you legitimately register information with require your full name, which seldom appears in University e-mail addresses. These sites typically send out information addressing you by your first name or full name. This information is very hard to obtain for use in phishing.
Have you really used your university e-mail address for your internet banking?
If you receive a request from what appears to be your bank, ask yourself the question "did I really use my University e-mail address on this account?" Chances are you probably didn’t! Even if you did, banks don’t ask for login or bank details via e-mail. If you see a message appearing to come from a bank, delete it immediately!
Is the message in html format?
Many phishing scams use html (high graphic content) format to lull victims into a false sense of security. This format usually contains images, logos, coloured backgrounds and coloured text. One point to note is that at the moment, the University of Aberdeen seldom sends out IT related information in this format. That is not to say that all html content e-mails are dangerous; it is essentially an additional check.
Is the message grammatically correct?
A large number of phishing scams originate from overseas and are written by people whose native tongue is not English. If there are a large number of spelling mistakes or the e-mail doesn’t read properly, it is likely to be suspect. Also check for American spellings!
Does the signature correspond to the e-mail address?
Does the From field say John Smith while the e-mail is signed by Tom Jones? If so, the e-mail address is probably false (and probably the signature too)!
Where do the links take you to?
You may receive e-mails that link you to another site to “update your details” or “register” for a new service. If you receive such an e-mail, hover over (but don’t click!) the link to see where it points to. If it doesn’t match the typed URL on the page or it takes you to somewhere obscure, do not click on it and delete the e-mail! Messages from Lloyds TSB should not link to www.waccibacci.com!
What does the subject line say?
You don’t have to open the e-mail to be suspicious. If the subject line says “Account Suspended” it is most likely a hoax. One thing is certain… it is not your University account! If it had been suspended, you wouldn’t be receiving any e-mails! If you see an e-mail threatening account closure and you can think of no reason why this is the case, please contact the helpdesk on (01224) 27-3636 who will be more than happy to advise. On no account respond to the e-mail!
You may also like to note that e-mail accounts are never closed due to you exceeding your quota. If you receive an e-mail indicating this you can disregard it.
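Several of the checks above (requests for personal details, the To field, where links really point, and the subject line) can be applied automatically. The following Python is an added example, not part of the original guide; the flag names, the keyword patterns and the constructed sample message with its placeholder addresses and hosts are assumptions.

```python
import re
from email import message_from_string
from email.utils import getaddresses
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a href=...> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), ""
    def handle_data(self, data):
        self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def host(url):
    """Lower-cased host; also accepts bare text such as 'www.bank.example'."""
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def phishing_flags(raw, my_address):
    """Return the checklist items tripped by a raw single-part message.
    Links are compared only when their visible text itself looks like a URL."""
    msg, flags = message_from_string(raw), []
    body = msg.get_payload()
    if re.search(r"update your (information|details)", body, re.I):
        flags.append("asks-for-personal-details")
    to = [addr.lower() for _, addr in getaddresses(msg.get_all("To", []))]
    if my_address.lower() not in to:
        flags.append("not-addressed-to-me")
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        if re.match(r"(https?://|www\.)", text, re.I) and host(text) != host(href):
            flags.append("link-mismatch:" + host(href))
    if re.search(r"account (suspended|closure)|quota", msg.get("Subject", ""), re.I):
        flags.append("alarming-subject")
    return flags

# Constructed sample message; every address and host is a placeholder.
SAMPLE = ("From: IT Helpdesk <helpdesk@mail.example>\nTo: someone.else@uni.example\n"
          "Subject: Account Suspended\nContent-Type: text/html\n\n"
          '<p>Please <a href="http://login.phish.example/update">www.bank.example</a> '
          "to update your details.</p>\n")
print(phishing_flags(SAMPLE, "student@uni.example"))
```

An empty list means none of these four checks fired; it does not mean the message is genuine, since the remaining checklist items (sender recognition, name format, grammar, signature) still need a human eye.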