Don’t get hooked: How to spot and avoid email phishing attacks

You may have seen reports this week of further attacks against IT systems across the world, including in the UK. At this stage Manchester Metropolitan University has not been impacted by these attacks, and we are monitoring our systems closely to identify any vulnerabilities, but in the circumstances the following advice is particularly relevant for all our staff and students.

The delivery method for this and other attacks can vary; however, they generally rely on underlying security vulnerabilities along with user interaction, very often in the form of a malicious email.

Everyone should be particularly vigilant: do not click on any email links or open attachments unless you are absolutely sure of the email source.

Some general advice on how to identify potentially malicious emails includes:

  • Sender: Were you expecting this email? Not recognising the sender isn’t necessarily cause for concern, but look carefully at the sender’s name – does it sound legitimate, or is it trying to mimic something you are familiar with?
  • Subject line: Often alarmist, hoping to scare the reader into an action without much thought – may use excessive punctuation.
  • Logo: The logo may be of a low quality if the attacker has simply cut and pasted it from a website – is it even a genuine company?
  • Dear You: Be wary of emails that refer to you by generic names, or in a way you find unusual, such as the first part of your email address. Don’t forget: your actual name may be inferred from your email address.
  • The body: Look out for bad grammar or spelling errors, but bear in mind that modern phishing looks a lot better than it used to. Many phishing campaigns originate from non-English speaking countries but are written in English in order to target a wider global audience, so word choice may be odd or sound disjointed.
  • The hyperlink or attachment: The whole email is designed to impress on you the importance of clicking this link or attachment right now. Even if the link looks genuine, hover your mouse over it to reveal the true link. It may provide a clue that this is not a genuine email. If you are still unsure, do not click the link
  • Signature block: The signature block may be a generic design or a copy from the real company.

Please report any concerns you have to the IT Helpline on 0161 247 4646.

In terms of your home computing, the best defence against this sort of attack is to ensure that you follow the same advice regarding email, apply security patches when they become available, and run an up-to-date anti-virus programme.