Detecting Email Scams
Scam emails typically employ a few common tactics that you can look for to help you determine malicious intent.
As an example, we will use this phishing email, that we received at College of the Canyons, to analyze.
From: Maria Eulalia Roig Minguell <ERoigM@santpau[.]cat>
Your e-mail password expires in 2 days to retain e-mail password and details. CLICK HERE to update.
- First notice who the email is from. Do you know or recognize the name or email address?
Does the email address belong to College of the Canyons? In our example, the email
is from the domain santpau[.]cat. The College of the Canyons domain is canyons[.]edu. In this case, the sender would be considered EXTERNAL to College of the Canyons.
- Notice the language used to pressure you into reacting rather than thinking. Are
you typically only given 2 days notice that your password will expire? If you feel
like you are being pressured to react:
- Stop and think
- Phone a friend, call the Help Desk to get a second opinion
- A lot of scams rely on you clicking a link in an email. The link takes you to a web
page that may look familiar but is really controlled by the scammer. In general,
don’t click links in emails.
- In our example email above, if you place your mouse pointer over the words "CLICK HERE", you should see something to indicate the URL the link is referring to. In my example above, the link is referring to "http://my.scam.site".
If you ever receive an email that you are not sure is legitimate, you can contact the Help Desk for more assistance.
If you want to learn more tips on how to recognize and avoid scams, join me for my Information Security Training & Awareness Program (IS-TAP) workshops offered through Professional Development.
If you believe that you may have fallen victim to any scam, change your password immediately and contact the Help Desk for guidance on the next steps you should take.