The examples below are taken from actual e-mails received by members of the UBalt community. Can you tell the difference between phishing attempts and legitimate e-mail?
Upgrade Warning
What to Notice:
- Even though the sender appears to have a UBalt e-mail address, this is a phishing trick. UBalt does not use a "customer service" e-mail.
- The generic greeting (instead of your name)
- The "Click Here to Upgrade" URL doesn't lead to a UBalt site (you can put your cursor over a link in an e-mail to see where the link leads). In the image below, note that the URL ends with ubalt.edu.htm, which is not the same as ubalt.edu.
Account Error
What to Notice:
- The "From" address is not consistent with the administrator address (which would appear more like webadmin@domain.com; in the case of UBalt, the domain would be ubalt.edu)
- Furthermore, the e-mail addresses in the "From" and "Reply-To" fields are on two different domains. A legitimate service would have all of its e-mail accounts on its own domain (for example, all UBalt administration e-mail will end with @ubalt.edu)
- The generic "Email Owner" greeting instead of your name indicates that this could be a mass e-mail instead of a real warning to you
- The link in the body of the email is not for the site which has issued the warning
Username and Password Request
What to Notice:
- The request itself should raise alarm -- UBalt and other legitimate companies will never ask you for your password.
- The URL leads to an external site completely unrelated to the sender's domain (docs.google.com, instead of guilford.edu)
- The sense of urgency and threat of deactivation, to prompt you to act quickly instead of considering the risks
Security Violation
What to Notice:
- The greeting, "Dear Account User," is generic instead of addressed to a specific person
- The link in the body is not for a UBalt site (ubalt.edu) -- this goes to jimdo.com
- Typos and grammatical errors
- Sense of urgency/threat which requires immediate action
Quota Limit
What to Notice:
This one looks pretty convincing, but:
- The best place to start is the "From" line: once again, it's not a ubalt.edu email address.
- Check the link in the email by hovering your cursor over it: this link, shown in the image below, actually leads to a page at yolasite.com, which is not affiliated with UBalt.
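The header and link checks from the lists above (the "From" domain, a "Reply-To" on a different domain, and a link whose host is not ubalt.edu even when "ubalt.edu" appears elsewhere in the URL) can be written as a short script. This is an added example, not UBalt's own tooling; the sample message, the example.org/example.net addresses and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED = "ubalt.edu"  # the domain the page names as legitimate

# Constructed sample message (not one of the e-mails shown on this page).
SAMPLE = """From: Web Admin <webadmin@example.org>
Reply-To: helpdesk@example.net
Subject: Account Error

Dear Email Owner,
Click http://login.example.net/ubalt.edu.htm to validate your account.
"""

def under_trusted(name, trusted=TRUSTED):
    """True only for the trusted domain itself or a subdomain of it."""
    name = name.lower().rstrip(".")
    return name == trusted or name.endswith("." + trusted)

def domain_of(header_value):
    """Domain part of an address header, or '' if the header is absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def link_is_trusted(url):
    """Judge a link by its host, never by text elsewhere in the URL."""
    return under_trusted(urlparse(url).hostname or "")

def review(raw):
    """Return warnings for one raw, single-part plain-text message."""
    msg = message_from_string(raw)
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    warnings = []
    # A ubalt.edu "From" can still be forged, so passing this check proves nothing.
    if not under_trusted(from_dom):
        warnings.append(f"From domain {from_dom!r} is not {TRUSTED}")
    if reply_dom and reply_dom != from_dom:
        warnings.append(f"Reply-To domain {reply_dom!r} differs from From domain")
    for url in re.findall(r"https?://[^\s\"'<>]+", msg.get_payload()):
        if not link_is_trusted(url):
            warnings.append(f"link host {urlparse(url).hostname!r} is not under {TRUSTED}")
    return warnings

if __name__ == "__main__":
    for line in review(SAMPLE):
        print("WARNING:", line)
```

An empty result only means none of these three checks fired; the request for a password, the generic greeting and the sense of urgency described above still have to be judged by the reader.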