Phishing Emails

1.    What is Phishing?

Phishing is a type of online scam where criminals send an email that appears to be from a colleague, friend, family member and ask you to provide sensitive information. This is usually done by including a link that will appear to take you to the company’s website to fill in your information – but the website is a clever fake and the information you provide goes straight to the crooks behind the scam. 

2.    What is the danger of phishing?

Phishing is one of the most dangerous forms of cybercrime because, for the most part, it can’t be detected by regular antivirus software. 
Once the individual or organization behind the phishing scam has your personal information, you are in danger of falling victim to identity theft, which has serious consequences for financial stability and credit, or even political harm.

3.    How to identify a phishing emails?

1)    Check the sender's email address—if looks suspicious, don’t open the email. Don’t trust the display name as the phishing email is often forged a name, such as a system administrator account or the company name.
2)     Check the recipient’s address. If you find that the email is sent to large number of employee in different departments. It may be a phishing email.
3)    Check the email sending time. If it beyond working hours, like 3:00am, you need to be vigilant about it. 
4)    Check the email subject. Most of phishing emails using "system administrator", "notification", "purchase order", "invoice", "conference schedule", "list of participants", "review of previous conferences", etc. as the subject.
5)    Be alert to emails that use generic greetings such as Dear User, Dear Colleague. At the same time, be alert to any email that creates an emergency atmosphere. For example "Please be sure to complete it today". Most phishing emails attempt to create a sense of urgency, leading recipients to fear that their account is in jeopardy or they will lose access to important information if they don’t act immediately. 
6)    Legitimate banks and most other companies will never ask for personal credentials via email. Don’t give them up.
7)    Be aware of the Emails with spoofed links. Also, look for URLs including "&redirect" ,it may be a phishing email.  Be aware of the "Unsubscribe" button, some of them are leading to more spam after clicking, or be implanted with malicious code. You can directly block the spam sender's email address.
8)     Use caution when opening email attachments, even if they appear to be from someone you know. Scan the file using your antivirus program before opening it. Files such as word, pdf, excel, PPT, rar, etc. may be embedded with Trojans or spyware, especially executable files with .exe and .bat suffixes in the attachment. 

4. What should you do to prevent phishing emails?

1)    Install antivirus software. Keep your software current and update the virus database regularly to enable the antivirus software to scan the email attachments.
2)    The login password should be kept confidential. Don’t disclose the password information of the mailbox to anyone. Don’t post your login password on your desk or on a notepad where is easy to find. The password should be changed regularly.
3)    The email account should be linked to the mobile. Bind the email account to your personal mobile phone number, not only can you retrieve the password, but also receive the “off-site login reminder” message.
4)    Public and private mailboxes should be separated. Don’t use the work mailbox to register the website of public service, and don’t use the work mailbox to send private mail.
5)    Important documents should be protected. Clear important emails that are no longer useful; back up important files to prevent loss of files after being attacked; important mails or attachments should be sent encrypted, and the decryption password cannot be attached.

5. What should you DON'T to prevent phishing emails?

1)    Do not trust the "display name" of sender. Because the display name can actually be set manually, please check the full name of the sender’s email address.
2)    Don't click on the link in a strange email. If there is a link address in the text, don’t open it directly. A large number of phishing emails use short links (such as http://t.cn/zWU7f71) or text with links to confuse users. If the received mail is a notification email such as email account upgrade or suspension, you should check carefully whether the link is the official website. If not, it may be a phishing email.
3)    Don't let down your vigilance even when you receive emails from "acquaintance”. Attackers often use the internal email address in the company to send phishing emails. If you receive an email from a trusted friend or colleague, and it looks suspicious. You can call directly to verify it with the sender.
4)    Don’t perform sensitive operations in public places. Don’t use a computer in a public place to log in to your e-mail, or use instant messaging software, online banking or other operation relate with sensitive information. Please do not log in and send and receive emails after connecting to Wi-Fi if the network security cannot be ensured in case of people with ulterior motives will use data interception and surveillance to obtain user information. 
5)    Don’t post sensitive information to the Internet. Information and data that users post to the Internet could be collected by attackers. By analyzing this information and data, the attacker could send phishing emails to users in a targeted manner.

6. What to do If you click on a phishing link?

When you open a phishing email and cause an infection, don't be panic. You can carry out the following actions to reduce the harm caused by the phishing attack.
1)    Report to ITSO immediately. ITSO will follows up to do the system cleanup and recovery.
2)    Immediately change your passwords for any potentially compromised accounts to prevent the attacker from obtaining sensitive information such as emails and contacts in the mailbox for further attack.
3)    Conduct a full system scan using your antivirus/anti-malware software.
4)    Cut off the network connection of the infected device (unplug the network cable or disable the network) to prevent other devices in the network from being infected and infiltrated and to prevent sensitive files from being stolen, and reducing the loss caused by security incidents.