« New Games for VR Kits | Main | PowerPoint Pointer »

Spoofing

Last week we had a little flurry of spoofed email messages where the sender that displayed didn't really match the actual sender of the message. These spoofed email messages are designed to look and feel like they're coming from someone you know and trust so that you will click on the nastiness that they contain or share info that you shouldn't. Sometimes they are very, very, VERY convincing.

GiveMeYourFish
What can you do to protect yourself?

Read thoroughly before clicking 
  • be SKEPTICAL, especially of documents or links you weren't expecting
  • watch for spelling and grammar errors
  • think about whether you expected the message and whether it makes sense
If you receive a questionable message...
  • call the sender (Always call. Do not use email to check whether something is legitimate.)
  • DO NOT forward or reply to the questionable message (unless you are specifically requested to do so by the Help Desk)
If you're feeling techie... you can view the message details in O365 to see who really sent it
    • Click on the "..." and choose "View message details"
    • Ctrl-A to select all the text
    • Ctrl-F to "Find" ---- search for "Return-Path"
    • If the Return-Path does not match the "From" field and is something unexpected, the message may be suspect
      (for example, if it appeared to be sent by your coworker, but the return path is "golfpro@something.com", you'd be right to be skeptical!)
    • Even if the sender is legit, their account may be compromised the email may be malicious
If it turns out that the questionable message is NOT legit, right-click, mark it as junk (and click "Report" if prompted).
 
Other tips
  • Set a secure password for your email and don't use that same password for other services
  • If you think your account may have been compromised, change your password
  • If you have questions about an email you've received, contact the Help Desk
Want to practice spotting Phishing or Spoofed emails? Check out this previous TechBits post for phishing quizzes and tips!
 
 
 

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

Post a comment