Determining the Validity of an E-mail

03/13/2017

by Neil Johnson

Situation: You receive an e-mail with content generally stating that “Your account has a problem” and you must “sign-in to your account” to “fix the problem.” If you click the link and sign-in to “your account,” you may have fallen for a phishing scam. The link was to the phishing scammers’ website and when you “sign-in to your account” you are simply giving the bad guy your account. Phishing is the use of e-mail to attempt to con you into giving up your account information. How do you determine if the e-mail is valid?

I’m Neil Johnson, a Network Applications Engineer for Jacksonville State University. I have worked for JSU for 17+ years and have been professionally managing e-mail systems for quite a bit longer than that. Phishing scams have been around a long time and I am constantly being asked about suspicious e-mails. Listed below are the non-technical recommendations that I personally use to quickly classify e-mail as good or bad. I don’t go through all these recommendations for every e-mail I receive. However, if I get an e-mail that asks me to enter my account information - you bet I do. You should too! I don’t use any one of the recommendations to make my decision; I look at them combined.

So, what are these recommendations?

  1. If you have any doubt as to the validity of an e-mail regarding account information, assume that it is harmful. Force yourself to prove that e-mails dealing with account information are what they say they are before you act. Have you started some process with this account that makes this e-mail seem legit? Do you already know that this e-mail is typical of the sender? Be skeptical, unless you know for sure.
  2. Does the e-mail “look” right? I know, this is subjective. However, does the e-mail look like an e-mail that commonly comes from a reputable organization? Sure, bank account, school or work related e-mail could be plain text with no logo or pretty formatting – but usually banks, schools and businesses have nice websites and the contrasting style between the e-mail and website should be considered a bit odd. If it doesn’t look “right” it might be a phish attempt.
  3. Read the e-mail. Not every phish e-mail is poorly written, but does the e-mail actually make sense? What is it asking you to do? The scammers’ goal is to trick you into revealing your account info. Phishing e-mail content is simply there to take up space and confuse you into trusting it. Take your time…you might end up saving your bank account balance. Is it obvious that the e-mail is poorly worded, with many misspelled words? Keep that in mind.
  4. Check the “from” address of the e-mail. The “from” address alone can’t prove legitimacy of an e-mail because it isn’t difficult to fake. That said, I still recommend knowing how to use your e-mail application to see the actual “from” address. The “from” address should match the content and organization represented in the message. Your school, job, or bank shouldn’t send you an account notice from an odd address such as example99@SomeU.edu or example@foreigncountryscammer.nl. Official e-mail should typically come from the @domain associated with the business. If they don’t use their @domain…THEY SHOULD! When the “from” address doesn’t match, exercise extreme caution before acting.

But what if the recommendations don’t make you certain you are safe? Say you get an e-mail that seems to indicate an issue with your bank account. It looks nice, reads fine, and is from support@mybank.com. You should find a reputable source (business card, phone book, or http://www.mybank.com homepage) for a valid phone number or support e-mail address and contact them directly to verify the e-mail. Never use an e-mail address or phone number contained within a suspicious e-mail. Businesses are usually happy to help. In some cases, they may even thank you for your diligence.

What about JSU-specific messages? Sometimes it is hard to tell if an e-mail is related to your JSU account(s). If you have been around JSU for very long, you likely already know that there are a lot of official JSU e-mails: The Red & White, various newsletters, surveys, etc. I know from my experience that JSU is targeted often for phishing attacks. I also know that almost all e-mails that contain phrases similar to “webmail storage portal,” “fix your full mailbox,” “update your account,” or “release the messages from your quarantine” are simply phishing attempts that are not from JSU.
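The “from” address check in recommendation 4 and the phrase list above can be combined into one quick triage, shown here as an added Python example that is not part of the original article. The function names and both sample messages are constructed for illustration, and the code assumes plain-text messages; an empty result does not prove an e-mail is legitimate, because the “from” address can be faked.

```python
from email import message_from_string
from email.utils import parseaddr

# Phrases the article lists as typical of phishing aimed at JSU accounts.
SUSPECT_PHRASES = (
    "webmail storage portal",
    "fix your full mailbox",
    "update your account",
    "release the messages from your quarantine",
)

def sender_domain(msg):
    """Domain of the actual From address, ignoring the display name."""
    _display, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()

def domain_matches(domain, expected):
    """True for the expected domain or a subdomain, never a look-alike."""
    expected = expected.lower()
    return domain == expected or domain.endswith("." + expected)

def triage(raw, expected_domain):
    """Return the indicators found; weigh them together, not one at a time."""
    msg = message_from_string(raw)
    body = " ".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    text = " ".join((msg.get("Subject", "") + " " + body).lower().split())
    findings = []
    domain = sender_domain(msg)
    if not domain_matches(domain, expected_domain):
        findings.append(f"from-domain mismatch: {domain or 'none'}")
    findings += [f"phrase: {p}" for p in SUSPECT_PHRASES if p in text]
    return findings

# Constructed sample: the odd sender address is the article's own example.
SAMPLE_BAD = (
    "From: JSU Help Desk <example99@SomeU.edu>\n"
    "Subject: Update your account\n\n"
    "Your mailbox is full. Sign in to the webmail storage portal to fix it.\n"
)
# Constructed sample: no findings, but a faked From would look identical.
SAMPLE_QUIET = (
    "From: MyBank Support <support@mybank.com>\n"
    "Subject: A problem with your account\n\n"
    "Please sign in to review a recent change.\n"
)

if __name__ == "__main__":
    print(triage(SAMPLE_BAD, "jsu.edu"), triage(SAMPLE_QUIET, "mybank.com"))
```

The second sample is the case the article describes for support@mybank.com: nothing is flagged, so the remaining step is to contact the business through a number or address found independently.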

Still don’t feel confident? If you still aren’t sure about the e-mail, you should not act upon the e-mail. Students and employees of JSU can simply forward the e-mail to phishing@jsu.edu and someone from the JSU Technology Support Center will respond.

See Also: 

JSU News - Please Don’t Feed the Phish

JSU News - Campus Reminded to Be Alert to Phishing Attempts

Federal Trade Commission Consumer Information - Phishing