TECHNews

The Office of Information Technology's blog.

Using the Hovering Technique to Identify Phishing Attacks

Posted on: April 3rd, 2014 by Deetra Wiley

This is a sample phishing email that claims to be from Verizon Wireless. By hovering over the link, you can see that it is not the legitimate URL for Verizon Wireless.


Have you ever received an email requesting your personal information or encouraging you to click on a link? If so, the email could be a phishing attack – a criminally fraudulent attempt to trick, mislead, or persuade you into disclosing your personal information. Phishing may come in the form of a URL, pop-up, text message, telephone call, etc. One way to avoid becoming a victim of phishing is to practice hovering over links in order to inspect them before clicking.

Why Are Phishing Attacks Dangerous?

You are at risk of having your identity stolen and your personal assets hijacked when you click on links within phishing emails and respond to requests such as “enter your WebID/password” or “provide your bank account information.” For example, your UM WebID and password could be stolen, giving someone else access to everything you do online at the University of Mississippi. Phishing attacks usually appear to come from a legitimate source (University of MS, the IT Helpdesk, or your bank) and often express a sense of urgency for you to enter your personal information: “your account will be blocked”; “account validation is required immediately.”

Other red flags may include spelling and grammar errors, your own email address listed in the “From” area of an email, missing punctuation in URLs, and the use of plain text (absence of logos).

How Do I Identify Phishing?

Hovering your mouse over links is one technique used to identify phishing attacks on websites or in emails. When you rest the pointer over the item (a link or a name in the “From” column) without clicking, you can see more information and check whether the email address or link is one you recognize. For example, a message or link for olemiss.edu would not come from olemiss.com. Additionally, the University will never send emails asking for your account or personal information, asking you to verify your login credentials, etc. If the email appears to come from a known source but you are still in doubt, contact the source directly to inquire about it.

Phishers can make emails look authentic, so you should practice being suspicious and cautious of possible phishing attacks. See the following examples that you may have received on our campus:

Email “Subjects”:

  • “Re-Validate Your myOleMiss WebID/Password”
  • “View Your 2015 Upcoming Pay Raise Increase”
  • “Webmail Upgrade”
  • No subject

Email “From” Addresses:

  • “Email Support Team”
  • “IT Helpdesk support .com”
  • “Ole Miss  Security”
  • Unrecognizable Email address

Email Body:

  • Provide the following information to view important information regarding your Bancorp South account: Username: Password:
  • “ http//myolemis<>login<portal” (illegitimate link: the correct format (http://) is not used, myOleMiss is misspelled, and it uses “<” and “>” symbols)
  • “http://newwidjets.com/olemiss.edu/login.php” (This is a phishing URL that has olemiss.edu in it, but olemiss.edu is in the wrong place.) Important tip for hovering over links to websites that are hosted by the University of MS: always look for olemiss.edu to come immediately after http://, or for .olemiss.edu to follow https:// and the name of a UM web server. In both cases it must appear before the first single forward slash, e.g., http://olemiss.edu/ or https://secure1.olemiss.edu/.

Screenshot: Hovering Full Details

The UM-hosted URL form “http://something.olemiss.edu”, where something can be replaced with “secure1,” “english,” “www,” etc., can be trusted. Trusted UM-hosted URL examples: https://english.olemiss.edu/…, http://www.olemiss.edu/…, http://olemiss.edu/…, etc.
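The host check from the tip above, written out as an added example (not code from the Office of Information Technology): it lists each link's visible text next to its real target, as hovering does, and accepts a target only when olemiss.edu sits in the host position. The sample HTML and the names `is_um_hosted`, `LinkAudit` and `audit` are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "olemiss.edu"  # the domain this page tells readers to look for

def is_um_hosted(url):
    """True only when the host part is olemiss.edu or ends with .olemiss.edu."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme not in ("http", "https") or not host:
        return False  # e.g. "http//..." has no scheme or host at all
    # The leading dot matters: only real subdomains of olemiss.edu pass.
    return host == TRUSTED or host.endswith("." + TRUSTED)

class LinkAudit(HTMLParser):
    """Collect (visible text, real target) for every <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit(html):
    """Return (visible text, target, verdict) for each link in the message."""
    parser = LinkAudit()
    parser.feed(html)
    return [(text, href, "UM-hosted" if is_um_hosted(href) else "NOT UM-hosted")
            for text, href in parser.links]

# Constructed sample body: the first link shows one URL but points to another.
SAMPLE = (
    '<p><a href="http://newwidjets.com/olemiss.edu/login.php">'
    'https://olemiss.edu/login</a></p>'
    '<p><a href="https://secure1.olemiss.edu/">UM portal</a></p>'
)

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```
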

How Do Phishers Retrieve My Email Address?

Phishers may perform detailed research using directories or a database of email addresses obtained from Internet service providers, government agencies, employers, etc. For example, phishers may target geographical regions and locate employers that may have email addresses listed. Bottom line, this information (your email address) may be available anywhere, making you a possible target. However, you can protect your information by using such tactics as hovering and by increasing your knowledge of how to identify phishing attacks.

How Do I Report a Possible Phishing Attack?

If you suspect that you may be a victim of phishing, expand the header and forward the email to complaint@olemiss.edu or contact David Drewrey at 662-915-5210. Then, delete the email from your Inbox.

If you have any questions about more phishing prevention tactics and solutions for handling or decreasing phishing attacks, please contact the IT Helpdesk at helpdesk@olemiss.edu or 662-915-5222. If you think you have released your personal information to some form of phishing, directly contact the sender (if known) or the business via the correct email address, the contact information located on the actual web site, etc. DO NOT reply to the email or follow links in the email. Other possible precautions are to change your password and to talk to representatives about placing alerts on your credit reports and bank accounts. For more information on phishing, visit the IT Security website. See other related articles: Online UM Security Awareness Training and Protect Your UM Passwords.