Don't get phished

What is phishing?

Phishing scams attempt to trick users into providing passwords or other sensitive information by imitating legitimate websites. Phishing attempts have become increasingly prevalent and more targeted. Caltech IMSS is implementing new email security measures to counter these attacks. Help protect yourself by knowing how to recognize a scam.

Spot an obvious phish

This first example is pretty lousy, and most of us should easily recognize it as a scam. Nonetheless, these continue to proliferate because scammers can count on that one user out of many thousands to fall for it. Don't be that one!

[Image: slow performance phish]

Pay attention to the sender and the subject

Phishing messages can come from a fake sender address or from a stolen account, so an @caltech.edu sender address does not mean the message is safe. However, this particular message purported to be official institute IT business, yet came from an outside [stolen] email account (we've changed the email address in the sample image for that person's privacy). Additionally, these types of scams commonly use capitalized subject lines with urgent language to attempt to scare victims into falling for the scam.

Poor spelling and grammar should raise a red flag

While you may encounter legitimate messages with mistakes, and a scam message could be very well written, it is quite common for these kinds of scams to be riddled with spelling mistakes and poor grammar, and you should be suspicious of such messages.

Recognize and avoid deceptive web links

Similar to how the text portion of a link can say "click here" while the destination is a web site address, the link text in this case is crafted to appear to be an official support/helpdesk link, but that is only the visible text. The link revealed when hovering over that text is completely different. Be wary when the link text does not match the actual destination of a link, and be especially wary when the link destination is not a website you recognize.

Be particularly wary of a questionable or even ridiculous call to action

Perhaps the most blatantly obvious indicator that this is a scam is the assertion that "you need to log on service desk tickets to help fasten our investigating". The scammers are counting on users simply ignoring the message and going straight to the link. If you don't know why you're being asked to log in, don't do it. Better yet, don't log in on any page that was linked to you in an email.

Don't fall for a more convincing scam

This second example has successfully tricked a number of users into providing their login and password to scammers.

[Image: Docusign phish]

An @caltech.edu sender address does not mean the message is safe

Phishing scams commonly use fake sender addresses or stolen accounts to make the message appear legitimate. Just because a message says it is from an "@caltech.edu" email address does not mean it actually was sent by a Caltech user. In this example, a Caltech user fell for a phishing scam and that person's email account was hijacked to send out more phishing messages (we've changed the email address in the sample image for that person's privacy).

Pay close attention to where a link is taking you

Before clicking a link in an email, hover your mouse over that link and look at the destination web site address. A legitimate Docusign message would have linked to the official Docusign website (e.g. https://www.docusign.com). Phishing messages often take advantage of hacked websites or free survey form sites to create an imitation "log in" form for collecting passwords from victims. In a Docusign phish scam like this one, expect to see a link pointing to something like http://example.com/wp-content/docusign-login-form.php or https://docusign-official-login.example.com. After clicking a link, double check the address bar in your web browser to make sure you ended up where you expected.
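The two link checks described on this page (link text that names a different site than the real destination, and a Docusign lure that does not point to docusign.com) as an added example, not code from Caltech IMSS: a small Python script that parses an HTML email body and reports links a reader should distrust. The sample email is constructed for the demo, and the example.com hosts are the placeholders used above.

```python
# Added example, not from the Caltech IMSS page: flag <a> tags in an HTML
# email whose visible text points somewhere other than the real destination.
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Brand -> domain a genuine link would use (constructed list; the page names Docusign).
KNOWN_BRANDS = {"docusign": "docusign.com"}
def host_of(url):
    return (urlparse(url).hostname or "").lower()  # '' when the URL has no host
def same_site(host_a, host_b):
    # True when both end in the same two labels, e.g. www.docusign.com vs docusign.com
    return host_a != "" and host_a.split(".")[-2:] == host_b.split(".")[-2:]
class LinkCollector(HTMLParser):
    # Collects (visible text, href) for every <a> element in the document.
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None
def find_deceptive_links(html):
    """Return (text, href, reason) for each link a reader should not trust."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for text, href in collector.links:
        target = host_of(href)
        # Case 1: the link text itself looks like an address but leads elsewhere.
        if re.fullmatch(r"[\w.-]+\.[a-z]{2,}(/\S*)?", text, re.I):
            shown = host_of(text if "://" in text else "https://" + text)
            if not same_site(shown, target):
                findings.append((text, href, "text shows a different site than the real destination"))
            continue
        # Case 2: the text invokes a known brand but the destination is not that brand's site.
        for brand, domain in KNOWN_BRANDS.items():
            if brand in text.lower() and not same_site(target, domain):
                findings.append((text, href, f"mentions {brand} but points to {target or 'no host'}"))
    return findings

# Constructed sample resembling the links described on this page.
SAMPLE_EMAIL = """<p><a href="http://example.com/wp-content/docusign-login-form.php">Review
Docusign Document</a> or <a href="https://docusign-official-login.example.com/">help.caltech.edu/servicedesk</a>
or <a href="https://www.docusign.com/">www.docusign.com</a></p>"""
```

Running `find_deceptive_links(SAMPLE_EMAIL)` flags the first two links and leaves the genuine www.docusign.com link alone; the same check is what you do by hand when you hover over a link and compare it with the text.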

Consider who is sending you the message and why

Were you expecting to receive a document you need to sign? Do you recognize the person sending this message? These scams are becoming more common. If you're not sure, verify first!