Phish Bowl

Phishing is becoming an increasingly prominent social-engineering attack method that aims to obtain the sensitive information of a user or organization. This article provides information on phishing attacks, how to spot phishing emails, and how to protect yourself from being a victim of phishing.



Cyber Awareness Bulletin - 9/17/2024

Kean IT has created the Cyber Awareness Bulletin, which gives brief overviews of commonly encountered cybercrime issues. The bulletin helps users take proper precautions to reduce their susceptibility to cybercrime.

Cybercrime is expected to cost the world over $10 Trillion by 2025. As a consumer, student, employee, online banker, teacher—YOU ARE A TARGET.

This bulletin will be updated periodically to explain common scams, guidelines you can use daily to protect yourself and your family, and easy actions to stay safe.


What Is Phishing

Phishing is the act of sending fraudulent emails made to appear as though they were sent from an official or trusted source. The goal of phishing is to collect sensitive information from a user, such as usernames, passwords, and financial information. These emails typically contain a link to an infected website where the user's credentials are captured; the attacker can then use those credentials to access all of the user's data. Alternatively, the email could contain malware in the form of a file that, when downloaded, infects and corrupts the user's device.

Here is a visual representation of how a phishing attack is conducted:


How To Spot Phishing Attempts

Being able to identify phishing attempts is critical in protecting yourself from being a victim of a phishing attack. Here are some key indicators to look out for when observing a potential phishing email:

  • Generic Greetings: Phishing emails often use non-personalized greetings such as “Dear Customer” instead of addressing you by name.
  • Urgency: Messages that create a sense of urgency, such as claiming your account will be locked unless you act immediately, are red flags.
  • Suspicious Links: Hover over any links without clicking. If the URL looks unusual or does not match the supposed sender’s website, it’s likely a phishing attempt.
  • Spelling and Grammar Errors: Legitimate companies usually send professionally written emails, whereas phishing emails may contain noticeable errors.
  • Unusual Sender Address: Check the email address of the sender. Phishing emails often come from addresses that look similar to legitimate ones but may have slight alterations to trick you.

Job Scams

One of the most common forms of phishing is the job scam email, in which fraudsters pose as recruiters or employers offering fake job opportunities. These scams often promise high-paying jobs with minimal requirements, but in reality, they are designed to steal your personal information or trick you into sending money. Unsuspecting recipients may be asked to provide their Social Security Number or bank details, or even to pay upfront fees for training or background checks. Always research the company and verify job offers through official channels before providing any personal information.


General Phishing Examples

To better illustrate the scope of phishing, here are some of the most common examples that people may encounter:

  • Bank Alerts: An email claiming to be from your bank, warning you of suspicious activity and asking you to log in to verify your account. The link provided, however, leads to a fake website designed to steal your login credentials.
  • Package Delivery Scams: An email stating that a package you didn’t order is delayed and requires you to confirm your details. The link or attachment in this email or text message is often malicious.
  • Tech Support Scams: A message pretending to be from a well-known tech company, stating that your account has been compromised or that suspicious activity has been detected, then urging you to call a “support” number or click a link to a support center, where they will attempt to extract payment, steal credentials, or install malware.

Secure Your Account

Apart from vigilance, there are additional ways to protect yourself from becoming a victim of a phishing attack. To make sure you're safe from being compromised, follow these steps:

  • Use Multi-Factor Authentication (MFA): MFA (such as Okta Verify) adds an extra layer of security by requiring two or more forms of verification. These verification measures can include a text message code, a push notification, or a numeric code in addition to your password.
  • Use Strong, Unique Passwords: Avoid using the same password across multiple sites. A strong password should include a mix of letters, numbers, and special characters to maximize protection.
  • Regularly Monitor Your Accounts: Keep an eye on your bank and credit card statements for any unauthorized transactions.
  • Be Wary of Unsolicited Requests: Never provide personal information in response to unsolicited emails or phone calls. Always verify the request through official channels.

Example Email

The following is an example of a common phishing email seen here at Kean University; we've been receiving reports of phishing emails that have this format. In this example, the email appears to be a message regarding a user's academic record, with a PDF file attached. If you start to inspect the email in detail, many noticeable errors and red flags can be seen. To start, there are numerous grammatical errors throughout the email, including the non-capitalized 'kean' and missing punctuation throughout. Additionally, the email has no proper formatting, which gives it an unprofessional appearance.

When viewing emails, it's important to note how each one looks in comparison to the usual emails you receive from Kean University. Official emails use proper formatting and styling, such as signatures and Kean University imagery. Another way to verify if an email is legitimate is to look at the sender's email address or name. If the sender is someone you've never contacted before or heard of, there's a high chance that the sender is a fraudster. To exercise caution, never open attachments or files in emails from an unknown sender, and never click links from an unknown sender. The most common form of phishing uses links or email attachments to harvest personal data.

Always remember to double-check an email if it appears to be out of the ordinary. Utilize the steps in this article to help protect yourself from being a victim of a phishing attack. THINK BEFORE YOU CLICK.
