"You've got email...from the President! (or is it)? What are the warning signs?"
- The subject is vague - it provides no information but triggers a response in the reader (subject: Important Notice).
- The name is correct, but why is the email address from "outlook.com" and not "uwaterloo.ca"?
- Would you normally receive a file to download this way? Why isn't it in SharePoint or an online department folder?
- Poor grammar, punctuation, and spelling are not what you'd expect to see in a message from the President.
- Do your job duties involve the events mentioned in the email? Why should you receive this message?
Need advice? Contact the Information Systems & Technology (IST) Security Operations Centre at soc@uwaterloo.ca.
"We all like receiving surprise packages... but don't get surprised by a computer virus. If you think an email message is suspicious, don't click on links or download attached files. "
Things to consider when determining whether or not the email is a phishing attack:
- The email address (support@faxpost.com) doesn't match the company name, Deutsche Post DHL
- Was the message sent to your individual email address or to a group?
- Some email readers put a suspicious message in a special folder that disables included links. This message is trying to trick the recipients to enable these links: "If the links are not working, please move message to 'inbox' folder"
- Moving the mouse pointer over these links shows the Polish server name "willajozenfia.pl", which doesn't match the name of the German company
- Do you know anyone in Germany who would send you a package? Do you deal with German companies?
Need advice? Contact the Information Systems & Technology (IST) Security Operations Centre at soc@uwaterloo.ca.