Phishing attacks: Identifying malicious links in your email

October 4, 2016 —

Phishing is the practice of luring unsuspecting users to fake websites by using authentic-looking emails in an attempt to steal passwords, financial or personal information, or introduce virus attacks.

You have probably seen some kind of phishing email already, although you may not even have known it was a phishing email. For example, you may have received an email asking you to verify your account information for your Bank of America account, or PayPal account, when in fact you don’t have an account with either of them.

Did you know? In an average month, approximately 10 million emails go through our mail filter! 70-80 per cent, or 7-8 million, are blocked because they are spam. However, some phishing emails still get through and users need to be cautious.

Links to fake web sites

One of the ways in which attackers lure you to their fake web sites is through malicious links contained within emails. An attacker will use emotional hooks, such as fear or sense of urgency, to get you to click on the link within the email before you take the time to see where the link takes you.

Links to web sites are common in emails, but you should always treat links with caution. Links can direct you to fake web sites that:

Install malicious software on your computer as soon as you visit them.
Mimic legitimate login screens to steal your username, password and other sensitive information.
Prompt you to install content or download a file. If you are instructed to do this, click “No”.

Identifying malicious links

To find out where a link is really taking you, hover over it with your mouse pointer. If the Universal Resource Link (URL) that is displayed:

Is only an IP address.
Does not match the link that is shown in the email content.
Is long and confusing but includes a familiar term.

Chances are it is a malicious link and you should NOT click on it.

What to do if you come across a malicious link

Knowing how to see what a link is going to take you can help you identify phishing emails before you fall victim. If you see a URL that looks suspicious, delete the email or forward the email to spam [at] umanitoba [dot] ca.

For more information about phishing visit http://umanitoba.ca/computing/ist/security/phishing.html

Information Security, Information Services and Technology, phishing, Staff, Students

VP Evolution Project enables Entra MFA for VIP/ESS access on April 3

The VIP Evolution project is a multi-year project, with dedicated resources from Information Services and Technology (IST), Human Resources and Payroll, led by a project board of leaders from across the UM community. The project’s focus is leveraging VIP functionality, reducing risk, and improving the user and employee experience.

Recognizing and combating fraud this tax season

Tax season is a heady time for fraudsters who hope to take advantage of seasonal anxiety to scam Canadians out of their money. Of course, tax season isn't the only time scammers have their way. Two common types of fraud that often threaten organizations are phishing and business email compromise (BEC) scams. These frauds are meticulously designed to appear credible, often leaving individuals and businesses vulnerable to significant losses.