Phishing is the fraudulent email that looks like it is from a reputable source, but seeks to gain personal information, credit card numbers or payment. Periodically we receive reports that someone is phishing using a “gnjumc” account. It is very hard to prevent someone from phishing an account but we can offer tips to our clergy and laity on how to identify it so that they do not respond and get caught in a financial scam. The following best practices for identifying phish email are recommended by the website phishme.com
Anti-Phishing Best Practices for Identifying Phish Emails:
- Emails Insisting on Urgent Action: Emails insisting on urgent action do so to fluster the recipient. Usually this type of email threatens a negative consequence if the action is not taken, and recipients are so keen to avoid the negative consequences that they fail to study the email for inconsistencies or indications that it may be bogus.
- Emails Containing Spelling Mistakes: Most companies now employ a spell-checking facility in the email client or web browser to ensure that communications maintain a professional appearance. Emails containing spelling mistakes or grammatical errors are likely indicators that the email is not genuine.
- Emails with an Unfamiliar Greeting: Emails sent by friends and colleagues usually start with an informal salutation. Those addressed to “Dear XXXXX” when that greeting is not normally used, and those containing language not often used by colleagues, are signs the emails could originate from an attacker and should be deleted.
- Inconsistencies in Email Addresses: When an email looks suspicious check the address against previous emails received from the correspondent to detect inconsistencies.
- Inconsistencies in Links and Domain Names: Links to malicious websites can easily be disguised as genuine links. It is also advisable to hover a mouse pointer over a link in an email to see what `pops up´ as an address. If an email claims to be from (say) a business contact, but the pop up indicates an unfamiliar website, the email is likely a phishing email.
- Suspicious Attachments: Emails from colleagues with attachments should be treated suspiciously – particularly if the attachment has an unfamiliar extension or one commonly used to deliver malware payloads (.zip, .exe, .scr, etc.).
- Emails That Seem Too Good to Be True: Emails that seem too good to be true emails incentivize recipients to click a link or open an attachment with the promise that they will benefit by doing so. Typically recipients have not initiated contact and the sender of the email is unknown to them. These emails should be flagged as suspicious at once.
- Emails Requesting Login Credentials, Payment Information or Other Sensitive Information: Emails requesting login credentials, payment information or other sensitive information should always be treated with caution. By adopting the anti-phishing best practices detailed above, recipients of these emails should be able to determine whether or not they represent a threat, and deal with them accordingly.
When in doubt confirm. If you receive an email from GNJ that you think is suspicious, send an email to the person to confirm the request. DO NOT REPLY TO THE EMAIL OR OPEN AN ATTACHMENT IF YOU THINK IT IS SUSPICIOUS. You can forward the email to the appropriate person at GNJ and ask them to verify.