Phishing: Is This Email Trying to Con Me?
By Ben Thomas
Recently, Hamilton College was the target of a spear-phishing attack which resulted in a number of accounts being compromised. The level of sophistication to which phishing emails has risen highlights how much more difficult it is for recipients to differentiate them from real email. As such, the Help Desk developed the following guide to help you identify phishing attempts with a higher degree of success.
Consistent Message [Con Me] is a test to identify phishing emails. Con Me can be simplified as Who, What, and Where?
- It is important to note that if any one of the tests fail, the message should considered suspect.
- Applying the "Con Me" test is harder on mobile devices due to device limitations like smaller screen size and appended mouseover details.
Who is the sender? Is the sender name congruent with the sender’s email address?
If links are included in the message, does mousing over them verify that the URL (web address) matches what appears as text in the email? If the text is simply a linked word, does mousing over it point to an address that is consistent with the message? See examples below.
What is the purpose of the email? Is it asking you for your credentials? Is it asking you to login at a given link?
Let’s apply the "Con Me" test to actual copies of the recent phishing emails that hit Hamilton College.
Who: The email sender name matches the address.
Where: The mouseover reveals that the link would take you to phishing.com
What: The message is about a shared Google doc. We would expect the link to direct us to a Google drive address [https://drive.google.com].
Result: This email fails the Consistency test.
Pending email messages
Who: The email sender name does not match the email address.
Where: The mouse over data is consistent with the URL.
What: There are grammatical errors in the message and the link directs you to hamiltoncollege.webs.com which not a Hamilton College address.
Result: This email fails both the Consistency and Message tests.
We encourage you to read the Securing the Human February 2013 newsletter, Ouch! The topic of the newsletter was email phishing attacks.
Would you like to test your knowledge about phishing? The SANS Security Awareness Tip of the Day for June 18 included the following Phishing Quizzes to see how good you are at identifying phishing schemes.