16. Can You Spot a Phish?
‘Phishing’ emails try to fool you into giving them your account details (bank account, email account, etc.) Fake emails may also try to trick you into downloading files containing viruses and malware on to your computer.
On Monday, 5th December, a wide awake member of OUCS staff spotted a phished email account sending out bulk messages in the early hours. Around 50,000 emails were sent before OUCS stopped them. Another account started sending emails at around 4am. This time some 120,000 emails were sent before it was spotted and plugged. There were three more similar incidents that same day.
If you give away your Oxford account details, personal information from your email may be stolen to conduct identity theft, your account may become overloaded with junk mail, your email may be blocked and genuine messages may be deleted.
So, can you spot a phish?
- A generic greeting: Many fake emails begin open with a general greeting, e.g. Dear Bank Customer or Dear Email user - this may sometimes be formatted oddly or have strange capitalization - Dear oucs User.
- A forged sender’s address: Fake emails may include a forged email address in the From: field.
- A threat that something bad will happen if you don’t act immediately: e.g. claiming that your account may have been hacked and you need to respond immediately to stop it being closed down. If you are worried, use your browser, bookmarks or usual URL to go to the site's web pages, not the link in the email.
- Fake weblinks: Always check where a link is going before you click on it. Move your mouse over the link and look at its underlying URL in your browser or email status bar. Any link address visible in the message text should match the real URL it actually goes to. If not, it’s probably a spoof website that may try and collect personal details from you or install a virus or spyware on your computer. If you do click on a fake weblink but only realise afterwards, don’t enter anything and close that window down.
- Login links in an email: Never login to a University or any other system by clicking on an email link. Legitimate emails from OUCS or other organisations may sometimes mention the web addresses of login pages for information purposes but for safety you should always retype such addresses in your browser’s address line.
- Emails that look like web pages: Some emails can be made to look like a web page that is asking you to enter information.
- Deceptive URLs: Only ever enter an OUCS password on pages the initial part of whose whose address ends in .ox.ac.uk/ Avoid any web address containing an @ sign. Also beware plausible looking but false addresses e.g. www.oucs-ox-ac-uk-passwordvalidate. net
- Poor spelling and grammar: Spoof emails often contain misspellings, incorrect grammar, odd phrasing etc. Bad or strange spelling e.g. pass.wrd or passw0rd is sometimes done deliberately to try and bypass spam filters.
- Insecure connections: Any web page where you enter personal information should have an address that begins https:// The 's' stands for secure - if it's not there then you’re not in a secure web session, and you should not enter personal data.
- Attachments: As with fake links, attachments are frequently used in fake emails to hide a virus or spyware. Such attachments often arrive with an accompanying (and often cryptic or intriguing) message encouraging you to open them, e.g. Hi - here’s the schedule I promised. Never click on an attachment unless it's something you were expecting, even if it appears to come from someone you know or deal with.
- No greeting
- The senders address has nothing to do with Oxford University
- There is no mention as to which system it applies to, or what department sent it
- The size limits don't match what we have on Nexus
- Spelling is poor
- It contains threats
- 'Click Here' link goes to http://fdg9.formdesk.com/webadminofficer/form1
Please report such messages to email@example.com and include full headers
If the message claims to be from a bank, report phishing attempts to Bank Safe Online and not to OUCS; we can’t do anything ourselves.
- They want your email account details but this looks nothing like a Nexus page and the URL shows that is has nothing to do with Oxford University.