Check It Before You Click It - Phishing, Malicious Links & Spoofed Headers




Check it before you click it.  LSU will never ask you to verify your account information through email.  Check it before you click it.  Contact the ITS Help Desk 578-3375 or helpdesk@lsu.edu.

Table of Contents:

What is Phishing?

Check It Before You Click It

Checking Links in Outlook 2010

Checking Links in Thunderbird

Checking Links in Mac Mail

Spoofed Headers - Faking the From: Field

Reporting Phishing Messages and Additional Information
 

Related Links:

LSU Security Awareness

LSU E-mail Overview

 


What is Phishing?

The word "Phishing" is a variant of the word "fishing."  It generally comes from an analogy of spammers sending many emails (casting a wide fishing net) in hopes of catching a user (the fish). Though many users don't fall victim to the scams, it only takes a few to make be successful.

What is the point of phishing?

"Phishers" typically attempt to steal information from you. This information includes (but isn't limited to) PAWS ID and password, email login information, banking information, and more. Attackers can use this information for different reasons including gaining privileged access to LSU's network, sending malicious spam from your email account, stealing sensitive personal information, etc. Your financial/banking information could be used steal your identity, pilfer funds from your account, send money out of the country, and more.


Check It Before You Click It

Most phishing scams can be avoided by sticking to these basic principles:

1. Treat ALL LINKS as if they are suspicious.  (Links include Web Addresses & URLs)

2. Log in with your LSU PAWS ID at official lsu.edu sites ONLY & pages such as my.lsu.edu and tigerware.lsu.edu.

3. Never provide your password or other sensitive information in an email message.

  • You are responsible for your LSU PAWS ID.  DO NOT share your PAWS password with ANYONE for ANY REASON.
  • Email is NOT a secure way to send out personal information.  ALL e-mail messages can be intercepted when it is sent & email messages are NOT encrypted or protected by default.
  • If an attacker gains access to your email account, ALL of the sensitive information stored there will be accessible to the attacker.

4. Be suspicious of messages such as these:

  • You are urged to take "Immediate Action",  there is a sense of urgency, or you are threatened that your account will be shut down.
  • Claim that your email inbox is Full or near it's quota and needs to be upgraded.
  • Claim that you must login to enable security features or other services.

What do you mean by "treat all links as suspicious"?

Many emails are sent like a Web site with HTML code behind the scenes.  This is done in order to include Web links, display images, and provide other special formatting.  However, web links can be deceiving.  (Example: The following text link  - not-a-lsu-site.com - opens the official LSU web site.)

Phishing Messages often do the reverse tactic of masking a malicious site through what looks like an official LSU page. This can trick users into believing they are visiting a legitimate site. For this reason you shouldn't automatically trust what you see in email messages. Text links that appear as one link but lead to another should be treated as highly suspicious.

How do I check where the links actually go?

If you are using a desktop or laptop with a mouse, you may easily 'hover' the mouse cursor over the link. Depending on your operating system and email client, where the actual destination of link is displayed can vary. Below are examples of the same phishing message in several email clients:

Checking Links in Outlook 2010

Outlook 2010 for Windows: True link destination displays where the mouse hovers & at the bottom of the screen.

Checking links in Outlook 2010

Checking Links in Thunderbird

Thunderbird 17.0.7:  True link destination displays at the bottom of the application window ONLY.

How to view the true destination of a link in Thunderbird

 

Checking Links in OS X Mac Mail

OS X Mac Mail: True link destination displays where the mouse hovers & at the bottom of the application window.

How to determine the true destination of a link in OS X's mail.

 

Checking links in iOS Mail

Apple iOS Mobile Devices:  True link destination displays when you tap & hold down your finger on the link.  (Apple iPhones & iPads DO NOT have a cursor for you to hover over the link with.)

See Demonstration Video:


 


Spoofed Headers - Faking the From: Field

There is a belief that if an email says it is from an account, like webmaster@lsu.edu, then it must actually be from webmaster@lsu.edu. The unfortunate reality is that the "From:" field can be easily faked to appear as any account or person. This is commonly referred to as "spoofing".

In the phishing examples above, the message says it is from LSU, however It also provides an email address of help@it.net. While that email address could be an instant indicator that LSU DID NOT send the message, keep in mind that even the email address can be spoofed to show helpdesk@lsu.edu or webmaster@lsu.edu.

If you are not sure about an email message's legitimacy:

Send an e-mail to the helpdesk@lsu.edu.  Include the following information:


Reporting Phishing Attempts & Additional Security Information

LSU IT Security is willing to investigate any potential scam messages on your behalf. You may do so by sending the original message (with full headers) to security@lsu.edu. Please note LSU ITS has very limited control over what messages are caught and flagged as spam.

There are numerous kinds of phishing attempts and other scams targeting users, many of which LSU cannot take any action on. However here are a few cases where we recommend you contact security@lsu.edu:

  • You have a phishing message that contains malicious links.
     
  • You clicked on a link or responded with personal information to a potential email scam and need help determining what to do.
     
  • You have a scam message you believe came from another LSU user.

As long as you do not click on any malicious links or respond to the email with personal information, you as well as your computer should not be at risk.

As always, if you have any concerns or comments please feel free to email the LSU IT Security & Policy Office with any of your questions via security@lsu.edu.



17107  
2/10/2014 11:59:41 AM  

We love feedback! Please help us improve this article.


Article Rating:
Email Address:
(Optional, unless you would like to hear back from us)
Comments:
GROK is a resource of Louisiana State University developed and maintained with support of the LSU Student Technology Fee.  We love getting feedback from the general public, but our one on one support efforts are generally dedicated to the LSU community.  Thanks for your understanding!
"" ""

Information Technology Services
200 Frey Computing Center · Baton Rouge, LA 70803
Telephone: 225-578-3700 · Fax: 225-578-3709 · E-mail: helpdesk@lsu.edu

Copyright © 2006. All Rights Reserved. Official Webpage of Louisiana State University.