Difference between revisions of "Phishing and Spoofing-Masquerading Spam"

 
(114 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 +
{{messagebox|
 +
  type=stop|
 +
  STOP!  READ HERE FIRST:  This page contains instructions for '''''Computer Science Department'' affiliates''' only|
 +
  2=<br>
 +
If you are '''''not affiliated''''' with the ''Johns Hopkins University '''Computer Science Department''''', this is '''''not''''' the right resource for you.  Instead, please  see [https://johnshopkins.service-now.com/serviceportal?id=kb_article&sys_id=59e4b648db2d7b84e6cfdb85ca96199d JHU IT's page on how to report spam] for further instructions.<br/>
 +
<br>
 +
  If you are a Computer Science affiliate, please read on...
 +
}}
 +
 
==Phishing==
 
==Phishing==
  
:Phishing can generally be defined as non-legitimate email you receive that tries to get you to provide the sender some type of personal information. The sender is "fishing" for info from you.  
+
:Phishing can generally be defined as ''non''-legitimate email you receive that tries to get you to provide the sender something personal. The sender is generally ''"fishing"'' for something from you, typically, one of the following...
 +
 
 +
*'''info''' (including personal info, login credentials, or alternate contact info, e.g. cell #)
 +
* '''money''' (including gift cards)
  
What are some elements of phishing email?
+
:What are some elements that make up phishing email?
  
* It could be in the form of an html-based email with a login page embedded.  
+
* It could be in the form of an ''html-based'' email with a ''login page'' embedded.  
  
* It could be something as simple as someone emailing you requesting you to send them info directly.  
+
* It could be something as simple as someone emailing you requesting you to ''send them info'' directly.  
**And sometimes, the sender might have first created an account, like a gmail account, that looks ''similar'' to one you might already know, but not exactly the same.
+
**And sometimes, the sender might have first created an email address, like a gmail address, that looks ''similar'' to one you might already know... but not exactly the same.
**Or it might be a masqueraded sender address.  See the Spoofing (Masquerading)/Spear Phishing section below.
+
**Or it might be a ''masqueraded'' sender address.  See the Spoofing (Masquerading)/Spear Phishing section below.
  
* A phishing email might have a link to a login or info request page.
+
* A phishing email might have a ''link'' to a ''login'' or ''info request'' page.
  
 
: The above are just some examples of characteristics of phishing emails.
 
: The above are just some examples of characteristics of phishing emails.
  
:It is very important that you examine ''all'' incoming email to make sure it comes from a legitimate source. Your mail client should provide you a way to look at full mail or message headers so you can see if what you think is a legit address in the From: part of your message is actually the real address the sender is sending from. If you're unsure about an email, you should look up the person's email address off an official website (my.jh.edu, etc.) and use the looked-up address to contact the email originator to confirm the email request. Remember, these spammers might simply change even one character in their own email email address from an email address you might recognize.
+
: (Later in this page, we will provide you instructions for reporting phishing email to the appropriate groups.)
 +
 
 +
==Be Wary...==
 +
 
 +
:It is very important that you examine ''all'' incoming email to make sure it comes from a legitimate source.  
 +
 
 +
:Your mail client should provide you a way to look at ''full mail or message headers'' so you can see if what you ''think'' is a legit address in the '''From:''' part of your message is actually the ''real'' address the sender is sending from.
 +
 
 +
:If you're unsure about an email, you should look up the person's email address off an official website (my.jh.edu, etc.) and use the looked-up address to contact the email originator to confirm the email request. Remember, these ''spammers might simply change even one character in their own email address'' from an email address you might already recognize.
  
:If your email has a link to a page, the text for the link you see in your email maybe not be where the link actually takes you.  '''Examine the link carefully.'''  If you're at a computer, you might be able to hover your pointer over the link to see its true URL.
+
:If your email has a ''link'' to a web page, the text for the link you see in your email may ''not'' be where the link actually takes you.  '''Examine the link carefully.'''  If you're at a computer, you might be able to hover your pointer over the link to see its true URL.
  
Also, look for spelling or grammatical errors in an email.  Sometimes, those could indicate that the email is not from a legitimate source.
+
:Also, look for ''spelling'' or ''grammatical'' errors in an email.  Sometimes, those could indicate that the email is not from a legitimate source.
  
 
==Spoofing (Masquerading)/Spear Phishing==
 
==Spoofing (Masquerading)/Spear Phishing==
Line 31: Line 51:
 
::Spear Phishing is a ''very dangerous type of email,'' and it's easy to fall prey to it. It has become a common personal information-fishing tactic.  And... it's also a very easy thing for a spammer to do.  
 
::Spear Phishing is a ''very dangerous type of email,'' and it's easy to fall prey to it. It has become a common personal information-fishing tactic.  And... it's also a very easy thing for a spammer to do.  
  
::Spammers can make the From: address in your email look like any name or email address, like that of your trusted friend, family member, co-worker, etc.  However, the actual e-mail was sent by the spammer.  Examining the full mail headers for your email (different methods for each email client), can help you determine the actual sender's (spammer's) email address.  (And it's also possible that the spammer's email address you see in the headers might not actually belong to the spammer, but rather and meial address the spammer has stolen.)
+
::Spammers can make the '''''From:''''' address in your email look like '''''any''''' name or email address, like that of your trusted friend, family member, co-worker, etc.  However, the actual e-mail was sent by the spammer.  Examining the full mail headers for your email (different methods for each email client), can help you determine the actual sender's (spammer's) email address.  (And it's also possible that the spammer's email address you see in the headers might not actually belong to the spammer, but rather another email address the spammer has stolen.)
  
:: If you receive email that looks like it comes from someone you know, but the message content seems suspicious in some way, examine the mail headers for the actual sender's email address, to be sure it's legitimate.  If you receive email asking for personally identifiable information, financial info, login credentials, etc., be wary, and make sure you are replying to the legitimate audience.
+
:: If you receive email that looks like it comes from someone you know, but the '''''message content seems suspicious''''' in some way, '''examine''' the mail carefully, including the mail headers for the actual sender's email address, to be sure it's legitimate.  If you receive email asking for ''personally identifiable information'', ''financial info'', ''login credentials'', etc., be wary, and make sure you are replying to the legitimate audience.
  
 
::''If you are not sure if the email is legit,'' contact the "sender" by an alternate means, e.g, by phone (a phone number you know is legit) or send a separate email to that individual (do not just click reply on the suspicious email) using an email address you know for that individual.
 
::''If you are not sure if the email is legit,'' contact the "sender" by an alternate means, e.g, by phone (a phone number you know is legit) or send a separate email to that individual (do not just click reply on the suspicious email) using an email address you know for that individual.
  
 
==If You Receive Phishing/Spoofing Email...==
 
==If You Receive Phishing/Spoofing Email...==
:If you receive phishing/spoofing email , especially if it's requesting you to log in to the JHU login page, please be wary of it, and if you think it's not legit, '''don't click on any included links there!'''  However, please do forward it (and any mail headers, if possible, by forwarding it ''as an attachment''), to [mailto:spam@jhu.edu spam@jhu.edu] so that JHU can examine it and take proper action. ''Additionally,'' when you forward the spam email to JHU, also cc: [mailto:wsehelp@jhu.edu wsehelp@jhu.edu] (WSE IT's helpdesk.)
+
:If you receive phishing/spoofing email , especially if it's requesting you to log in to the JHU login page (or to other pages that request you to login) or requests your cellphone number or asks for a gift card or wants to know your availability, please be wary of it, ''and if you think it's not legit'', '''do ''not'' click on any included links located in that phishing mail!'''
 +
 
 +
:{{red|'''Instead...'''}} (and please read the below options carefully.)
 +
 
 +
===...if the mail you received is specifically a Phishing email that {{red|''looks like''}} it came from an {{red|@cs.jhu.edu email address}}===
 +
 
 +
:If you receive a Phishing email that '''looks like it ''came from'' an ''@cs.jhu.edu'' email address''', we want to know about that, ''regardless'' of whether you received the email at your ''own'' @cs.jhu.edu or @jhu.edu email address. So, in this instance, please forward the Phishing email (including any mail headers, if possible, by '''forwarding it''' ''as an attachment''), to [mailto:support@cs.jhu.edu support@cs.jhu.edu] so that our  CS IT Support Team can examine it and take proper action.
 +
 
 +
:{{red|'''However...'''}}
 +
 
 +
:If the Phishing email you received does '''''not''''' look like it came ''from'' an ''@cs.jhu.edu'' email address, then please see the below two options to determine who to report the Phishing email to.
 +
 
 +
===...if you receive Phishing/Spoofing email at your {{red|''@jhu.edu''}}, {{red|''@jhmi.edu''}} or other {{red|''non''-@cs.jhu.edu}} (but still ''JHU''-related) email address===
 +
 
 +
:If you receive spam (including phishing, etc.) email at your ''@jhu.edu'' (or @jhmi.edu, @jh.edu, etc.) email address ''directly'' (and is not from an @cs.jhu.edu email address, or if you don't forward your CS email to your @jhu email), you can visit <!--[http:/.  Course info can be found at: /www.it.johnshopkins.edu/services/email/spam/ReportingSpam.html JHU's Reporting Spam and Suspicious Email page]--> [https://johnshopkins.service-now.com/serviceportal?id=kb_article&sys_id=59e4b648db2d7b84e6cfdb85ca96199d  JHU's How-to page for reporting spam].  As part of the process, you'll want to forward that email (including any mail headers, if possible, by '''forwarding''' it ''as an attachment''), to [mailto:spam@jhu.edu spam@jhu.edu] (and perhaps make the Subject Line say '''SPAM'''), so that JHU can examine it and take proper action. If you're not sure if the email is legitimate, mention that in your correspondence with JHU IT as well.  If you haven't heard back from JHU in a reasonable amount of time, please [https://support.cs.jhu.edu/wiki/Contacting_JHU_IT_Support open a trouble ticket with JHU IT.]
 +
 
 +
:'''NOTE''':  Phishing mail received at your ''non-CS'' email address and that did not originate from an ''@cs.jhu.edu'' address does '''not''' need to be reported to CS IT (i.e,. support@cs.jhu.edu)
 +
 
 +
===...if you receive Phishing/Spoofing email ''directly'' at your {{red|''@cs.jhu.edu''}} email address===
  
:Also, if you received spam (including phishing, etc.) email at your ''@jhu.edu'' account directly, you can visit <!--[http://www.it.johnshopkins.edu/services/email/spam/ReportingSpam.html JHU's Reporting Spam and Suspicious Email page]--> [https://johnshopkins.service-now.com/serviceportal?id=kb_article&sys_id=59e4b648db2d7b84e6cfdb85ca96199d JHU's How-to page for reporting spam].
+
:If you receive the spam/phishing email ''directly'' (i.e., not forwarded from your @jhu.edu address) at your ''CS email address'', or...  if you think the email originated from an @cs.jhu.edu email address, please forward it (including any mail headers, if possible, by '''forwarding it''' ''as an attachment''), to [mailto:support@cs.jhu.edu support@cs.jhu.edu] so that our CS IT Support Team can examine it and take proper action.
  
==Filtering Spam Received At Your CS Email Account==
+
==Filtering Spam Received At Your CS Email email address==
  
 
:Please see:  [[:Category:Spam Filtering At CS|Spam Filtering At CS]]
 
:Please see:  [[:Category:Spam Filtering At CS|Spam Filtering At CS]]
 +
 +
==A JHU IT-Prepared Doc To Help Its Users Identify Phishing Emails==
 +
 +
:JHU has put together a pdf that provides helpful information for identifying phishing emails.  It's geared to those using JHU's email system, but many of its tips apply to all that receive email.
 +
 +
:Please read: [[Media:Phishing-Safe_Links_and_Detecting_Suspicious_URLs.pdf|Phishing-Safe_Links_and_Detecting_Suspicious_URLs.pdf]]
  
 
==Do's & Don'ts Of Protecting Yourself From Phishing, Malware, & Ransomware-based Emails Scams==
 
==Do's & Don'ts Of Protecting Yourself From Phishing, Malware, & Ransomware-based Emails Scams==
  
:In a recent email to the JHU public, Darren Lacey, JHU's Chief Information Security Officer, compiled an excellent collection of Do's and Don'ts to protect yourself from phishing, malware, and ransomware-based email scams. Click the link below to read Darren's email.
+
:In an email to the JHU public, the JHU Chief Information Security Officer at the time compiled an excellent collection of Do's and Don'ts to protect yourself from phishing, malware, and ransomware-based email scams. Click the link below to read this email.
  
 
:[[Media:BeCautiousAndAvoidPhishingAttacks.pdf|Be Cautious and Avoid Phishing Attacks - Do's & Don'ts]]
 
:[[Media:BeCautiousAndAvoidPhishingAttacks.pdf|Be Cautious and Avoid Phishing Attacks - Do's & Don'ts]]
  
<br>
+
==Training Course Opportunity To Help You Identify Phishing Emails==
 +
 
 +
:JHU offers an excellent online course for the end-user regarding electronic information security and data management that includes a section on ''identifying phishing emails''. 
 +
 
 +
:To get info on the course, '''you need to be on the  [[VPN_-_JHU | JHU VPN]]''' or directly on a JHU network, and then browse to:
 +
 
 +
:[https://lms14.learnshare.com/dashboard/dash.home.aspx?Z=Cvz7rlERBiINCk3kFkMDWtWkTAGCTs%2fZPxff8PHH9jpE3NtAwUrdMyfZVOCTBf2m  Course: JHU Electronic Information Security and Data Management]
 +
 
  
 
[[Category:Spam]]
 
[[Category:Spam]]

Latest revision as of 14:01, 18 October 2024

STOP! READ HERE FIRST: This page contains instructions for Computer Science Department affiliates only


If you are not affiliated with the Johns Hopkins University Computer Science Department, this is not the right resource for you. Instead, please see JHU IT's page on how to report spam for further instructions.

If you are a Computer Science affiliate, please read on...

Phishing

Phishing can generally be defined as non-legitimate email you receive that tries to get you to provide the sender something personal. The sender is generally "fishing" for something from you, typically, one of the following...
  • info (including personal info, login credentials, or alternate contact info, e.g. cell #)
  • money (including gift cards)
What are some elements that make up phishing email?
  • It could be in the form of an html-based email with a login page embedded.
  • It could be something as simple as someone emailing you requesting you to send them info directly.
    • And sometimes, the sender might have first created an email address, like a gmail address, that looks similar to one you might already know... but not exactly the same.
    • Or it might be a masqueraded sender address. See the Spoofing (Masquerading)/Spear Phishing section below.
  • A phishing email might have a link to a login or info request page.
The above are just some examples of characteristics of phishing emails.
(Later in this page, we will provide you instructions for reporting phishing email to the appropriate groups.)

Be Wary...

It is very important that you examine all incoming email to make sure it comes from a legitimate source.
Your mail client should provide you a way to look at full mail or message headers so you can see if what you think is a legit address in the From: part of your message is actually the real address the sender is sending from.
If you're unsure about an email, you should look up the person's email address off an official website (my.jh.edu, etc.) and use the looked-up address to contact the email originator to confirm the email request. Remember, these spammers might simply change even one character in their own email address from an email address you might already recognize.
If your email has a link to a web page, the text for the link you see in your email may not be where the link actually takes you. Examine the link carefully. If you're at a computer, you might be able to hover your pointer over the link to see its true URL.
Also, look for spelling or grammatical errors in an email. Sometimes, those could indicate that the email is not from a legitimate source.

Spoofing (Masquerading)/Spear Phishing

Spoofing or Masquerading is when someone sends an email and it appears to come from someone else. You you could receive spoofed/masqueraded email in the form of a phishing email. Please see above for info on phishing email.
Spear Phishing extends the masquerading, as spear phishing is a type of phishing spam where a spammer sends email that appears to be from someone you know/trust, but is actually from the spammer.
In the case of spear phishing, the spammer tries to get you to send them information (financial, etc.), as you might think you're actually sending it to the person you know/trust (and you're really not.)
Spear Phishing is a very dangerous type of email, and it's easy to fall prey to it. It has become a common personal information-fishing tactic. And... it's also a very easy thing for a spammer to do.
Spammers can make the From: address in your email look like any name or email address, like that of your trusted friend, family member, co-worker, etc. However, the actual e-mail was sent by the spammer. Examining the full mail headers for your email (different methods for each email client), can help you determine the actual sender's (spammer's) email address. (And it's also possible that the spammer's email address you see in the headers might not actually belong to the spammer, but rather another email address the spammer has stolen.)
If you receive email that looks like it comes from someone you know, but the message content seems suspicious in some way, examine the mail carefully, including the mail headers for the actual sender's email address, to be sure it's legitimate. If you receive email asking for personally identifiable information, financial info, login credentials, etc., be wary, and make sure you are replying to the legitimate audience.
If you are not sure if the email is legit, contact the "sender" by an alternate means, e.g, by phone (a phone number you know is legit) or send a separate email to that individual (do not just click reply on the suspicious email) using an email address you know for that individual.

If You Receive Phishing/Spoofing Email...

If you receive phishing/spoofing email , especially if it's requesting you to log in to the JHU login page (or to other pages that request you to login) or requests your cellphone number or asks for a gift card or wants to know your availability, please be wary of it, and if you think it's not legit, do not click on any included links located in that phishing mail!
Instead... (and please read the below options carefully.)

...if the mail you received is specifically a Phishing email that looks like it came from an @cs.jhu.edu email address

If you receive a Phishing email that looks like it came from an @cs.jhu.edu email address, we want to know about that, regardless of whether you received the email at your own @cs.jhu.edu or @jhu.edu email address. So, in this instance, please forward the Phishing email (including any mail headers, if possible, by forwarding it as an attachment), to support@cs.jhu.edu so that our CS IT Support Team can examine it and take proper action.
However...
If the Phishing email you received does not look like it came from an @cs.jhu.edu email address, then please see the below two options to determine who to report the Phishing email to.

...if you receive Phishing/Spoofing email at your @jhu.edu, @jhmi.edu or other non-@cs.jhu.edu (but still JHU-related) email address

If you receive spam (including phishing, etc.) email at your @jhu.edu (or @jhmi.edu, @jh.edu, etc.) email address directly (and is not from an @cs.jhu.edu email address, or if you don't forward your CS email to your @jhu email), you can visit JHU's How-to page for reporting spam. As part of the process, you'll want to forward that email (including any mail headers, if possible, by forwarding it as an attachment), to spam@jhu.edu (and perhaps make the Subject Line say SPAM), so that JHU can examine it and take proper action. If you're not sure if the email is legitimate, mention that in your correspondence with JHU IT as well. If you haven't heard back from JHU in a reasonable amount of time, please open a trouble ticket with JHU IT.
NOTE: Phishing mail received at your non-CS email address and that did not originate from an @cs.jhu.edu address does not need to be reported to CS IT (i.e,. support@cs.jhu.edu)

...if you receive Phishing/Spoofing email directly at your @cs.jhu.edu email address

If you receive the spam/phishing email directly (i.e., not forwarded from your @jhu.edu address) at your CS email address, or... if you think the email originated from an @cs.jhu.edu email address, please forward it (including any mail headers, if possible, by forwarding it as an attachment), to support@cs.jhu.edu so that our CS IT Support Team can examine it and take proper action.

Filtering Spam Received At Your CS Email email address

Please see: Spam Filtering At CS

A JHU IT-Prepared Doc To Help Its Users Identify Phishing Emails

JHU has put together a pdf that provides helpful information for identifying phishing emails. It's geared to those using JHU's email system, but many of its tips apply to all that receive email.
Please read: Phishing-Safe_Links_and_Detecting_Suspicious_URLs.pdf

Do's & Don'ts Of Protecting Yourself From Phishing, Malware, & Ransomware-based Emails Scams

In an email to the JHU public, the JHU Chief Information Security Officer at the time compiled an excellent collection of Do's and Don'ts to protect yourself from phishing, malware, and ransomware-based email scams. Click the link below to read this email.
Be Cautious and Avoid Phishing Attacks - Do's & Don'ts

Training Course Opportunity To Help You Identify Phishing Emails

JHU offers an excellent online course for the end-user regarding electronic information security and data management that includes a section on identifying phishing emails.
To get info on the course, you need to be on the JHU VPN or directly on a JHU network, and then browse to:
Course: JHU Electronic Information Security and Data Management