Don’t Get Hooked by a Phishing Scam!

Chances are you may have been a victim of a phishing attack, whether you knew it or not.

Phishing is a technique used to deceive users in an attempt to obtain confidential information (usernames, passwords, financial information). Phishing attacks use fake e-mails, text messages, and websites that impersonate authentic sources. Clues that a message is not a legitimate e-mail include:

  • Time stamp – the message will arrive at strange times, outside of normal business hours,
  • Spelling and grammatical errors,
  • Non-personalized, generic greeting,
  • No detailed contact information provided,
  • Message creates a sense of urgency to respond,
  • The link provided is different from the website address you see when you hover your mouse pointer over the link,
  • The message will request some form of personal information.

There are many variations of phishing messages. Two recent scams have used calendar invites and airline ticket confirmation requests to try to trick people into clicking on the links or divulging personal information. The two messages below have some of the clues highlighted.

Note: the following examples are real phishing e-mails that were sent to ESDC employees. To provide you with authentic examples and demonstrate how they appear to employees, these messages were not translated.

Generic greeting

Dear Customer,

Your credit card has been successfully processed.


Creates sense of urgency to respond

FLIGHT NUMBER DT628190172US

ELECTRONIC 628190172

DATE and TIME / FEB 19, 2013, 12:45 AM

ARRIVING / Washington

TOTAL PRICE / 429.33 USD


Suspicious links

Please donwload and print your ticket from the following URL:

https://www.delta.com/flifl/servlet/DeltaDlTicket?airline_code=DL_flight_number_=DT628190172US_flight_date=02/18/2013_request=main

For more information regarding your order, contact us by visiting:

https://www.delta.com/content/www/en_US/support/talk-to-us.html


No detailed contact information provided

Thank you

Delta Airlines

Generic greeting

Bonjour,


Portrays a tragic story that plays on emotions

Canadienne,je suis orpheline et je vie dans un camp de réfugier .Mon père étant exploitant minier avais travailler plusieurs années dans ce pays ou il regorgeais assez d'or.avec des associées,mais malheureusement mes parents sont mort dans la guerre.


Makes a strange offer involving large sum of money

Spelling and grammatical errors

J'ai hérité de la somme total de 11 000 000 00$ que mon père avais loger dans une valise métallique et déposer à la DHL pendant la guerre.Comme mon age ne me permet pas de m'occuper de cette opération,raison pour laquelle je vous contact afin que vous m'aidiez à retirer la valise de DHL pour expédier chez vous.Après la réception je vous ferais parvenir le code d'ouverture,pour vous permettre d'ouvrir.Je propose 35% ,Est-ce que cela vous arrange? le reste vous ouvrer un compte pour loger ma part afin d'assurer mon avenir.


No detailed contact information provided

J'attends votre réponse afin de vous plus de détaille.
Cordialement
Louise

Remember that legitimate organizations will never ask you to supply personal information via e-mail. When in doubt, call the individual or the organization, or visit their website, to confirm the request using a verified telephone number or web address from another source. Do not use contact information provided in the message.

If you do receive a suspected phishing message, do not click on any links and do not respond to the e-mail. Report it using the Outlook button “Report this E-Mail-Phishing”.

If you have any questions or require additional information, visit Security on iService or e-mail the IT Security Centre of Excellence at: NA-ITSCOE-CEMSTI-GD.