Phishing attacks: Identifying malicious links in your email
Phishing is the practice of luring unsuspecting users to fake websites by using authentic-looking emails in an attempt to steal passwords, financial or personal information, or introduce virus attacks.
You have probably seen some kind of phishing email already, although you may not even have known it was a phishing email. For example, you may have received an email asking you to verify your account information for your Bank of America account, or PayPal account, when in fact you don’t have an account with either of them.
Did you know? In an average month, approximately 10 million emails go through our mail filter! 70-80 per cent, or 7-8 million, are blocked because they are spam. However, some phishing emails still get through and users need to be cautious.
Links to fake web sites
One of the ways in which attackers lure you to their fake web sites is through malicious links contained within emails. An attacker will use emotional hooks, such as fear or a sense of urgency, to get you to click on the link within the email before you take the time to see where the link takes you.
Links to web sites are common in emails, but you should always treat links with caution. Links can direct you to fake web sites that:
- Install malicious software on your computer as soon as you visit them.
- Mimic legitimate login screens to steal your username, password and other sensitive information.
- Prompt you to install content or download a file. If you are instructed to do this, click “No”.
Identifying malicious links
To find out where a link is really taking you, hover over it with your mouse pointer. If the Uniform Resource Locator (URL) that is displayed:
- Is only an IP address.
- Does not match the link that is shown in the email content.
- Is long and confusing but includes a familiar term.
Chances are it is a malicious link and you should NOT click on it.
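The three warning signs above can also be checked automatically for every link in an HTML email body. The following Python code is an added example, not part of the original article; the BRANDS table, the 75-character cutoff and the sample email body are assumptions made for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed for this example: brand term -> real domain, a length cutoff,
# and SAMPLE, a constructed email body (IP link, genuine link, long lure).
BRANDS = {"paypal": "paypal.com", "bankofamerica": "bankofamerica.com"}
LONG_URL = 75
SAMPLE = ('<a href="http://192.0.2.10/verify">https://www.paypal.com/signin</a>'
          '<a href="https://www.paypal.com/signin">www.paypal.com</a>'
          '<a href="http://x.example.net/paypal.com/?id=' + "0" * 60 + '">Click here</a>')

class Anchors(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self.href, self.text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((self.href, "".join(self.text).strip()))
            self.href = None

def host_of(url):  # lower-case host of a URL or bare address, minus "www."
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    return host.lower().removeprefix("www.")

def check_link(href, text):  # warning signs from the list above, for one link
    host, flags = host_of(href), []
    try:
        ipaddress.ip_address(host)
        flags.append("ip-address")
    except ValueError:
        pass
    # Compare only when the visible text itself looks like a web address.
    shown = host_of(text) if "." in text and " " not in text else ""
    if shown and shown != host:
        flags.append("text-mismatch")
    lure = any(t in href.lower() and not ("." + host).endswith("." + d)
               for t, d in BRANDS.items())
    if len(href) > LONG_URL and lure:
        flags.append("long-with-familiar-term")
    return flags

def scan(html):
    parser = Anchors()
    parser.feed(html)
    return [(href, check_link(href, text)) for href, text in parser.links]
```

Calling scan(SAMPLE) returns each link's real destination together with the warning signs it triggers; a link with an empty list matched none of the three checks.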
What to do if you come across a malicious link
Knowing how to see where a link is going to take you can help you identify phishing emails before you fall victim. If you see a URL that looks suspicious, delete the email or forward the email to spam [at] umanitoba [dot] ca.
For more information about phishing, visit http://umanitoba.ca/computing/ist/security/phishing.html