IT Committee Tech Tip: Phishing and How to Not Get Caught in the Nets
NATCA will never send any email, text, or phone call asking you to verify your account information or saying your account will expire if you do not take certain action. NATCA members should know that any email they receive containing such a request about their Union email account is phishing. NATCA’s IT Committee is a resource to help you protect yourself against phishing.
What is Email Phishing?
Email phishing is a term used to describe an email sent by a malicious third party to obtain sensitive information or steal money. These emails are usually formatted in a way that makes them appear authentic and genuine. This is often achieved by spoofing the sending address so that it appears to come from an official-sounding email account or position, like [email protected].
What types of Phishing are there?
There are five main categories of phishing:
- General phishing – This is an email or communication sent to a large group of individuals with the purpose of deploying malware and/or compromising email accounts. These emails usually come from an already compromised account and are sent with a spoofed sender address such as [email protected].
- Spear Phishing – This is a targeted phishing attempt sent to a specific individual or group of people. Attackers will already have some sort of information on the recipient, such as job title, name, age, location, etc. They will use this information to make the recipient believe that the email is legitimate.
- Whaling – This can be a more serious form of spear phishing. The targets of these types of phishing will usually be high-level individuals in an organization, like the CEO or Chief of Staff.
- Smishing/vishing – This is when the attacker will utilize a phone call or text message instead of using an email. Attackers will try to impersonate support staff at a company to attempt malicious, fraudulent activity.
- Angler Phishing – This is when someone posts a fake Internet URL or link on social media that leads victims to a site where malware can be installed in the background on the user’s computer.
Recent Example of Phishing
The following is an image of a phishing email that NATCA members may have received recently. In this example, NATCA’s IT Committee wants to point out two major red flags.
The first and easiest way to determine whether this is a legitimate email is to look at the From address (in the top rectangle). You can see that it is trying to come across as being from natca.net. However, because the email was actually sent from a different domain, current mail clients display the real sending address in angle brackets (< >) next to the displayed name, revealing the address that is really being used to send the phishing email.
The second major red flag is the nature/body of the email being sent. Phishing emails often ask the recipient to click on a link for some reason. In this example, it is to “confirm your password.” This link is set up so that the attacker can “skim” the credentials and compromise the account of anyone clicking the link. To be clear, you should never click on any link from any email unless you are certain about the source.
There is a technique that lets you see where a link goes before deciding whether it is “safe” to click. If you are using a computer, hover your cursor over the link. A small window will appear showing where the link is going before you click it. If no window shows up, right-click the link and select “copy link address.” Then paste the link into a notes app or a blank Word document to see where it is trying to take you. Again, it is highly recommended to never click on a link.
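The two red flags above can be checked mechanically as well. The following is an added example, not code from NATCA or the original article: it parses a constructed sample message (the domains and addresses are made up) and reports a display name that invokes natca.net while the real address in the angle brackets is elsewhere, a link whose real target (what hovering reveals) is off-domain, and the “confirm your password” style lure the article warns about.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED_DOMAIN = "natca.net"

# Constructed sample, not a real message: the display name claims a natca.net
# address, but the real sender in angle brackets and the link target are elsewhere.
SAMPLE_EMAIL = """\
From: "it-support@natca.net" <support@example-phish.invalid>
Subject: Confirm your password
Content-Type: text/html

<p>Please <a href="http://login.example-phish.invalid/confirm">confirm your password</a>
within 24 hours or your natca.net mailbox will expire.</p>
"""

ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
LURE_PHRASES = ("confirm your password", "verify your account", "will expire", "withheld emails")

def from_header_red_flags(from_header, trusted_domain=TRUSTED_DOMAIN):
    """First red flag: the name shown beside the address invokes the trusted
    domain, but the address in angle brackets belongs to another domain."""
    display_name, address = parseaddr(from_header)
    actual_domain = address.rsplit("@", 1)[-1].lower() if "@" in address else ""
    flags = []
    if trusted_domain in display_name.lower() and actual_domain != trusted_domain:
        flags.append(f"display name invokes {trusted_domain} but sender is @{actual_domain}")
    return flags

def body_red_flags(html_body, trusted_domain=TRUSTED_DOMAIN):
    """Second red flag: a link whose real target (what hovering reveals) is
    off-domain, plus the 'confirm your password' style lure."""
    flags = []
    for href, text in ANCHOR_RE.findall(html_body):
        host = (urlparse(href).hostname or "").lower()
        if host != trusted_domain and not host.endswith("." + trusted_domain):
            flags.append(f"link '{text.strip()}' really goes to {host}")
    lowered = html_body.lower()
    flags.extend(f"body asks you to '{p}'" for p in LURE_PHRASES if p in lowered)
    return flags

def analyze(raw_email, trusted_domain=TRUSTED_DOMAIN):
    """Return every red flag found in one raw RFC 5322 message (single-part only)."""
    msg = message_from_string(raw_email)
    body = "" if msg.is_multipart() else msg.get_payload(decode=True).decode("utf-8", "replace")
    return (from_header_red_flags(msg.get("From", ""), trusted_domain)
            + body_red_flags(body, trusted_domain))
```

Running `analyze(SAMPLE_EMAIL)` reports four red flags for the sample; a genuine message from paul@natca.net linking to mail.natca.net reports none.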
Recent Example of Spear Phishing
This example of spear phishing was a targeted email to an individual. The attacker pretended to be former NATCA President Paul Rinaldi. Attackers often try to make the email seem legitimate. They often add a sense of urgency, so that a recipient is less likely to question the request. As before, there are some major red flags to quickly determine that this is a fake, malicious email.
Again, in the From field, we see that the attacker is pretending to be Paul, but right after the name, in the angle brackets, we can see that the email is not from Paul.
Additionally, the closing note about “being too busy to take calls” is another red flag.
General tips to detecting and reading phishing emails
Phishing emails, regardless of the type, are getting increasingly creative. But that does not mean that you cannot stay ahead of them. Here are some things to remember:
- NATCA will never send you any notices or attempts to “confirm” your account. The email services we utilize for our Union also will never send such emails. If you receive an email asking to verify your account or password, or “release” your withheld emails, it is a phishing attempt. You can drag it to your junk or SPAM folder.
- NATCA representatives will never ask you to quickly go out and buy them gift cards. If someone does, please do not and report the email right away.
- If you don’t recognize the From address and you are not expecting an email from that individual, chances are it is phishing, especially if the email asks you to click or download something. Do not click.
- If you see a different From address in angle brackets next to the displayed sender name, it is phishing.
If in doubt, forward the email, as an attachment, to NATCA’s IT Committee ([email protected]) and ask us to take a look and validate the email.