Phishing, Spam, and Suspicious Email

Cybercriminals have become quite savvy in their attempts to lure people in and get you to click on a link or open an attachment.

The email they send can look just like it comes from a financial institution, e-commerce site, government agency or any other service or business.

It often urges you to act quickly, because your account has been compromised, your order cannot be fulfilled or another matter.

Phishing

Phishing attacks use email or malicious websites (clicking on a link) to collect personal and financial information or infect your machine with malware and viruses.

Spear Phishing

Spear phishing is highly specialized attacks against a specific target or small group of targets to collect information or gain access to systems.

For example, a cybercriminal may launch a spear phishing attack against a business to gain credentials to access a list of customers. From that attack, they may launch a phishing attack against the customers of the business. Since they have gained access to the network, the email they send may look even more authentic and because the recipient is already customer of the business, the email may more easily make it through filters and the recipient maybe more likely to open the email.

The cybercriminal can use even more devious social engineering efforts such as indicating there is an important technical update or new lower pricing to lure people.

Spam


Spam is the electronic equivalent of junk mail. The term refers to unsolicited, bulk – and often unwanted – email. Here are ways to reduce spam:

  • Enable filters on your email programs: Most ISPs (Internet Service Providers) and email providers offer spam filters. However, depending on the level you set, you may wind up blocking emails you want. It's a good idea to occasionally check your junk folder to ensure the filters are working properly.
  • Report spam: Most email clients offer ways to mark an email as spam or report instances of spam. Reporting spam to abuse@uthsc.edu will also help to prevent the messages from being directly delivered to your inbox.
  • Own your online presence: Consider hiding your email address from online profiles and social networking sites or only allowing certain people to view your personal information.

Pharming


Pharming leverages malicious code such as viruses, worms, trojans and spyware to carry out sophisticated attacks such as hosts file modification, DNS cache poisoning etc. Pharmers can even hijack domains or spoof static domain names in order to fool users by redirecting them to malicious websites.

The Anatomy of a Pharming Attack

The most common method of Pharming attacks is described below:

1. The user types in the address of their bank (e.g. www.xyzbank.com) into the address bar of their browser.

2. The request passes to a DNS name server. This server maps www.xyzbank.com to a number say 210.10.10.3 (IP address) which is understandable to the computers.

3. In a normal scenario, the browser will connect the user to the authentication site of xyzbank. However, in pharming, the attacker modifies the mapping in the DNS service. Now DNS service maps www.xyzbank.com to 230.10.10.3 – the IP address of attacker's fake site.

4. For example: the customer thinks that they are interacting with, because it so indicates this http://www.xyzbank.com in the browser's address bar, but actually they are connected to the deceptive site of the attacker.

Spam & Phishing on Social Networks


Spam, phishing and other scams aren't limited to just email. They're also prevalent on social networking sites. The same rules apply on social networks: When in doubt, throw it out. This rule applies to links in online ads, status updates, tweets and other posts.
Here are ways to report spam and phishing on social networks:

How Do You Avoid Being a Victim?

  • Don't reveal personal or financial information in an email, and do not respond to email solicitations for this information. This includes following links sent in email. Always hover over hyperlinks to ensure the link is legitimate.
  • Do not enter or input your UTHSC NetID and/or password.
  • Before sending sensitive information over the Internet, check the security of the website.
  • Pay attention to the website's URL. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com versus .net).
  • If you are unsure whether an email request is legitimate, try to verify it by contacting your UTHSC Help Desk or corresponding company directly. Contact the company using information provided on an account statement, not information provided in an email. Information about known phishing attacks is available online from groups such as the Anti-Phishing Working Group. Report phishing to the Anti-Phishing Working Group (APWG)
  • Keep a clean machine. Having the latest operating system, software, web browsers, anti-virus protection and apps are the best defenses against viruses, malware, and other online threats.

 

What to Do if You Think You are a Victim?

  • Report it to abuse@uthsc.edu or call Help Desk at (901) 448-2222 ext. 1 immediately! We can be alerted for any suspicious or unusual activity.
  • If you believe your financial accounts may be compromised, contact your financial institution immediately and close the account(s).
  • Watch for any unauthorized charges to your account.
  • If you believe your financial and/or business accounts may be compromised, consider reporting the attack to your local police department, and file a report with the Federal Trade Commission or the FBI's Internet Crime Complaint Center.

Additional Resources

IT Help? Try...

.    or    .

Contact Us

Information Security

877 Madison Ave
Memphis, Tennessee 38163
Phone: 901-448-1260
Fax: 901-448-8199
Email: itsecurity@uthsc.edu

Confidential Compliance Hotline:
901-448-4900