How to detect if an email is spam or a phishing attempt

So, you got an email telling you that your email account is being upgraded, your account will expire, or maybe your email has exceeded some limit.

How do you determine if the email is valid or not?  Well, I will attempt to show our Math Department users how to do this by just loooking at a phish email and checking some common email headers and also how to get the full email headers.

Using MS Outlook.
Looking at the email in Outlook, not only do I see the suspicious From header, but Outlook shows the content of the email, which is HTML, and the next suspicious element is the link at the beginning of the email, which is supposed to show some picture. One of the features of Outlook is that emails which are composed in HTML can be shown as a webpage.  This makes emails look prettier, but can be exploited in order for spammers and phishers to gather information from people who open emails showing HTML!  This feature should be turned off to avoid this exploit.  (Search the web for "Disable HTML in Outlook" for help on how to do this.) The next suspicious element is the link where I am supposed to log into Chase Online.  The link is definitely not a valid Chase bank site as the domain is: progranit.pl, which is a domain for Poland
The headers at the top of this email window are not complete.  To get the full headers, you will need to go to the File Menu, highlighted in Yellow.  If the Info link, also highlighted in yellow, is not selected, click on it.  Now click the Properties button, which is circled in red.
The Email Properties window should look similar to the image on the right.  One of the first things to notice is in the Delivery Options section is the reply address: noreply@moneyspecialistconsulting.com, which is not a valid chase address.  In the Internet headers box is all the header info detailing where it came from, and each stop it took in order to get to your email address.

Now we will take a look at another suspicious email that the phishers were a little more clever and tried to make the email look more legit.

Using MS Outlook.
The email looks OK, but the link in the text of the email clearly is not a valid UH address. You can also check out the full headers by following the example above

Some useful tips

• Be suspicious of any request for your username and password.  Although administrators might ask you for your username, no one should know your password but you and you should never tell it to anyone!  Ever!  Don't ever give your password to anyone!  Don't ever send your password in an email!
• Check links in emails and webpages to be sure the text and link are the same or that you can see that it is related.  If the link says Microsoft Security, and the link is to some domain ending with microsoft.com, then it may be valid.  However, if the link is to microsoft.com.[some more text] or maybe some ip address, then the link may be malicious.

For more help on recognizing phishing emails, check out the following links:

(Be sure to check the links below by hovering the cursor over the link to have the browser show you where the link will take you.)

• Microsoft Safety and Security Center - How to recognize phishing email messages, links, or phone calls
• DigitalCheck - Two Simple Rules That Can Spot Nearly Every Email Phishing Scam

Back to Top

Last revised: September 18, 2019 11:36