Almost everyone has gotten an email message disguised with the subject or message, "Your account has been suspended." or "We need to verify your password." These subject lines coupled with a spoofed (simulated) return address of e.g., Administrator@mit.edu, Admin@ebay.com, or AccountsDept@(your bank).com can confuse the untrained "fish." Further, the messages themselves often contain logos, and trademarks that add to the deception.
When trying to determine if email is authentic or not, remember one very important detail: no legitimate company will ever send you email requesting your username, password, or any other personally identifying information.
Things to look for to verify if the email is a phishing email:
- Spelling errors and bad grammar
- Odd formatting (e.g., incorrect use of capital letters or punctuation)
- No real person's name included either in the greeting or the signature
- A return or reply-to email address that is spoofed. You can view "full headers" to see what is listed as the actual return address.
- If a password is being requested, you know the email is not legitimate. No legitimate business will ever request your password. Look at what else is being requested as well (e.g., requesting your sex and country or territory is not a legitimate customer service request)
- No mention of a phone number to call or person to contact
- Deleting an account due to lack of response: a legitimate business doesn't follow that kind of practice
- Includes a hyperlink that has an odd looking URL (for instance with a foreign country as the domain, or trying to match a legitimate web address but spelled differently)
Emails coming from such spoofed addresses as "firstname.lastname@example.org," or "email@example.com" are asking MIT community members to confirm their email accounts by supplying their username and password.
|These messages are not coming from MIT|
Although these messages may appear to be coming from MIT, they are in fact from an address that has either been hacked or simulated. MIT will never ask you to confirm or supply your passwords. These messages are an attempt to steal your username and password for illegitimate purposes. DO NOT REPLY TO THESE MESSAGES! Just delete them.
To see examples of some of the email messages that are attempting to steal your passwords or other personal information see:
These examples show that the "reply-to" address in the email does not match the name or organization that appears in the "from" field or it is different from what you would expect. For example, an email from the IRS would come from an address that contains irs.gov, the official IRS online address. In the second example, the "from" field shows a different name from the one listed in the return address. This information can also be verified by looking at the email's full headers.
Click on thumbnails to see the full image:
Change your email password immediately. Hackers have been known to hijack an email account within 30 minutes of receiving a username and password, and using that account to send out thousands of spam messages.
There are several ways to hone your skills for recognizing phishing emails. Here are some quizzes that other companies and schools have provided for user education:
- Anti-Phishing Phil Demo from Carnegie Mellon University: http://cups.cs.cmu.edu/antiphishing_phil/new/index.html
- SonicWALL Phishing and Spam IQ Quiz: http://www.sonicwall.com/furl/phishing/