The Russia-Ukraine war has put all of us on heightened global cybersecurity alert.
This is due to potential direct cyberattacks or indirect cyberattacks that
may leak or spill out of the theater of operations.
We are asking everyone in our UNCSA domain to report any unusual emails, attachments, files,
or solicitations to address this issue. When you receive an email, use the following
methods to help detect a phishing attempt.
Phishing Methods
Emails demanding urgent action
Emails threatening a negative consequence or a loss of opportunity unless urgent action
is taken are often phishing emails. Attackers often use this approach to rush recipients
into action before they have had the opportunity to study the email for potential
flaws or inconsistencies.
Emails with bad grammar and spelling mistakes
Another way to spot phishing is through bad grammar and spelling mistakes. Many companies
apply spell-checking tools to outgoing emails by default to ensure their emails are
grammatically correct. Those who use browser-based email clients apply the autocorrect
or highlight features of their web browsers. A message full of errors is therefore
unlikely to come from a legitimate organization.
Emails with an unfamiliar greeting or salutation
Emails exchanged between work colleagues usually have an informal salutation. Those
that start “Dear” or contain phrases not typically used in casual conversation are
from sources unfamiliar with the style of office interaction used in your business
and should arouse suspicion.
Inconsistencies in email addresses, links and domain names
Another way to spot phishing is by finding inconsistencies in email addresses,
links, and domain names. Does the email originate from an organization you correspond
with often? If so, check the sender’s address against previous emails from the same
organization. Look to see if a link is legitimate by hovering the mouse pointer over
the link to see what pops up. If an email allegedly originates from (say) Google,
but the domain name reads something else, report the email as a phish.
Suspicious attachments
Most work-related file sharing now takes place via collaboration tools such as SharePoint,
OneDrive, or Dropbox. Therefore, internal emails with attachments should always be
treated suspiciously – especially if they have an unfamiliar extension or one commonly
associated with malware such as .zip, .exe, .scr, and others.
Emails requesting login credentials, payment information, or sensitive data
Emails originating from an unexpected or unfamiliar sender that request login credentials,
payment information or other sensitive data should always be treated with caution.
Spear phishers, defined as cybercriminals who pose as a trusted source, can forge
login pages to look similar to the real thing and send an email containing a link
that directs the recipient to the fake page. Whenever a recipient is redirected to
a login page or told a payment is due, they should refrain from inputting information
unless they are 100% certain the email is legitimate.
Too-good-to-be-true emails
Too-good-to-be-true emails incentivize the recipient to click on a link or open an
attachment by claiming there will be a reward of some nature. If the email sender
is unfamiliar or the recipient did not initiate the contact, the likelihood is this
is a phishing email.
How to report a suspicious email
Finally, please report any issues to our IT department if you are unsure.
- In Outlook, report the message as phishing. Select the Report Spam/Phish link in the
email, or select the Report Spam/Phish UNCSA button on the top ribbon.
- If you use the Outlook Web app, right-click the message then go to Security Options
> Report phishing to mark and report the email as a phishing attempt.
- Delete the original email.
It is better to use caution and remain diligent. Thank you all for your attention
to this matter.
Contact: Greg Gleghorn
March 10, 2022