Historically, some of our colleagues fell victim to a type of cyber attack called "phishing." Phishing attacks are designed to trick individuals into revealing sensitive information or clicking on malicious links and typing personal information, which can have serious consequences for our organization's data and our personal online safety. They're very similar to other attacks, like spoofing, spamming, fraud, and other ways of trying to trick the email's recipient.
We can also learn how to report spam and encrypt emails without needing to open an IT ticket!
Never forward an email that might be malicious to anybody, including IT. This includes screenshots. An email's recipient must first do the due diligence of verifying the authenticity of their email before forwarding or spreading it to others.
If and when an email needs to be forwarded to IT for audit via ticketing, it's going to be because:
- The recipient's due diligence at auditing the message they received failed, resulting in a compromise.
- The email's recipient positively identified the email as malicious and is asking for its sender to be blocked/blacklisted.
- The message was audited as safe from the recipient and the recipient is forwarding the email to IT to request its sender be allowed/whitelisted.
- There are no other reasons to forward an email to IT for audit.
- If IT receives a ticket that does not include details of the recipient's results behind due diligence at audit, IT will reject the ticket and forward it to management for coaching.
Why don't we just forward it to IT and ask IT to audit the email?
IT audits its own questionable emails because this is a required skill for everyone, in any workforce or industry. It is a simple, non-technical verification skill that everyone in the workforce must be able to handle on their own. Security, on this talking point, starts in our Inbox and within the mind of the email's recipient.
All employees are responsible for having this basic, modern workforce skill. Without it, a company is only as secure as its least familiar teammate. If IT audits these on behalf of recipients, the recipient never puts into real-world practice the very skill most commonly used to keep themselves and their team safe.
When IT receives a request to audit, IT must go through a rigorous verification and documentation routine that can take nearly 30 minutes per inquiry. Multiply this by ~3 inquiries per day, and IT is spending up to 90 minutes every day writing up reports about emails the recipients should have audited on their own. Over the course of a week, in this example, an entire 8-hour day was spent auditing emails and documenting discoveries.
Below are some additional helpful tips to help us recognize potential phishing attacks:
Talking Points:
- Phishing attacks aim to trick us into sharing sensitive information or clicking on harmful links.
- Example: Intuit, a well-known finance program, "sends us an email" going over an employee handbook, behaving as if it were HR. It doesn't make sense for a finance program to email anybody about HR topics. Instant red flag.
- Cyber criminals often impersonate trusted entities such as real estate partners, banks, online services, friends, family, or colleagues, to gain our trust.
- Falling victim to a phishing attack can lead to data breaches, financial loss, and other negative consequences.
- Hackers hack people, not technology. Sure, they're technically knowledgeable, but they are actually masters of the mind. They set the technical stage to take advantage of the human mind.
Steps for a Critical Eye:
- Examine the sender's email address, take note of the domain name.
- Double-check the sender's email address to ensure it matches the expected contact, or if it might be a case of impersonation.
- Check the domain name's website to ensure alignment with context.
- Be cautious of slight misspellings or variations in domain names, as attackers may try to mimic legitimate addresses.
Look for red flags in the email content:
- Beware of urgent or overly threatening language, as attackers often use fear to manipulate victims.
- Check for grammatical errors, unusual phrasing, or poor formatting, which can indicate a phishing attempt.
- Be cautious of requests for personal information or sensitive data. Legitimate organizations rarely ask for such details via email.
Hover before clicking:
- Before clicking on any links in an email, hover the mouse cursor over them to reveal the actual URL. Take note of its primary domain name, and make sure that domain name matches the identity of the sender's email, intent, or contextual match.
- Ensure the displayed URL matches the expected destination. If it looks suspicious or unfamiliar, avoid clicking. For example, micrasoft.com vs. microsoft.com.
Avoid downloading attachments from unknown sources:
- Should an email not look right to begin with, certainly do not download any attachments nor open those attachments.
- Be wary of email attachments from unfamiliar senders, especially if they prompt us to enable macros or run executable files.
- If in doubt, contact the sender directly through a trusted method to confirm the legitimacy of the attachment.
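The sender-domain, lookalike-spelling and hover-link checks above can be written down as a small triage routine. The following Python is an added example, not part of the original article or of any IT tooling; the brand-to-domain table and the sample emails are constructed for illustration (including the OneDrive-from-an-unrelated-domain case discussed under the tips below), and the domain reduction is a simple two-label heuristic rather than a full public-suffix lookup.

```python
from urllib.parse import urlparse

# Brands we expect mail about, mapped to the domains those brands really send from.
# Constructed sample table for this example; a real deployment would keep its own list.
KNOWN_BRANDS = {
    "microsoft": {"microsoft.com", "microsoftonline.com"},
    "onedrive": {"microsoft.com", "live.com"},
}
ALL_REAL_DOMAINS = {d for domains in KNOWN_BRANDS.values() for d in domains}


def registrable_domain(host: str) -> str:
    """Reduce a hostname to its last two labels: 'login.micrasoft.com' -> 'micrasoft.com'.
    Heuristic only: names under multi-label suffixes such as co.uk need a public-suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a distance of 1 catches one-letter lookalikes (micrasoft vs microsoft)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(sender: str, subject: str, links: list[str]) -> list[str]:
    """Return the red flags a recipient's own due diligence should raise for one message."""
    flags = []
    sender_domain = registrable_domain(sender.rsplit("@", 1)[-1])
    text = subject.lower()
    # Step 1: does the sender's domain belong to the brand the message talks about?
    for brand, real_domains in KNOWN_BRANDS.items():
        if brand in text and sender_domain not in real_domains:
            flags.append(f"sender {sender_domain} does not belong to {brand}")
    # Step 2: is the sender's domain a one-character near miss of a real brand domain?
    for real in sorted(ALL_REAL_DOMAINS):
        if sender_domain != real and edit_distance(sender_domain, real) == 1:
            flags.append(f"lookalike domain {sender_domain} resembles {real}")
    # Step 3: hover check: does each link lead to the sender's domain or a real brand domain?
    for url in links:
        link_domain = registrable_domain(urlparse(url).hostname or "")
        if link_domain != sender_domain and link_domain not in ALL_REAL_DOMAINS:
            flags.append(f"link goes to {link_domain}, not {sender_domain}")
    return flags


if __name__ == "__main__":
    # Constructed sample: a OneDrive notice arriving from an unrelated domain.
    print(triage("noreply@curlytoes.com", "Your OneDrive is almost full", ["https://curlytoes.com/storage"]))
```

An empty result means none of these three checks fired; it does not prove the email is safe, so the remaining steps (content red flags, attachments, out-of-band confirmation) still apply.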
Important Tips:
- Call or reach out to the sender using an alternative means of contact, usually provided on their website or within their signature line.
- This way if they are compromised, they can have a chance to verify the email via alternative communications methods.
- Use the domain name noted and browse their website. Look for phone numbers and other methods of reaching out to them like a Contact Us, an info@email.com email address, etc. Call and reach out to the sender, the sender's company, the sender's website directly and verify intent.
- Search and research the email's history.
  - Have you received emails from the sender in the past?
  - Have you received emails similar to this one before?
- Does the sender match the content?
  - Example: you received an email from noreply@curlytoes.com telling you that your OneDrive is almost full.
  - Why is CurlyToes.com sending you anything related to Microsoft's OneDrive?
  - If it doesn't make sense, it's likely a phish.
- Is there a reasonable, rational, and logical trigger for the email?
  - Example: you received an email from noreply@curlytoes.com telling you that your OneDrive is almost full.
- Enable multi-factor authentication (MFA) for all of one's accounts whenever possible, adding an extra layer of security. This can be done at http://aka.ms/mfasetup (verify this URL directly on Microsoft's website before using it).
- Regularly update passwords, using a combination of letters, numbers, and symbols.
- Be cautious when sharing personal or sensitive information online, even if the request seems legitimate.
- If one receives something similar to a file share and it asks us to log in, don't instantly start typing the Office 365 email address and password. First make absolutely certain that this is a true Office 365 login by reviewing the URL asking for the details.
- On a malicious website, usually every password we type will come back as "wrong." This makes the recipient type their login credentials again, more carefully, making absolutely certain that those behaving in bad faith know the password precisely. In this example they just got it twice, maybe more as the user tries even harder to ensure what they're typing on the malicious website precisely matches their true Office 365 login credentials.
- Report suspicious emails or phishing attempts to our IT department immediately.
If one suspects they fell victim to a phishing attempt, please report it to IT immediately by forwarding the email to it@robinson-park.com and create a ticket. This way the forward only went to 1 other teammate (IT), already audited with the findings of its recipient. The focus here is to solve the issue ASAP without spreading/forwarding the content to others, even to verify.
Stay safe and secure!