Identifying Spam and Phishing Attempts
It can sometimes be difficult to determine the legitimacy of an email. Here are some tips to help you identify whether or not an e-mail is spam.
There is one very important thing to remember when determining if an email is Spam:
The only person that should know your password is you. You should never tell your password to anyone. Additionally, you should only log into a website with your @brant.ca account if the website address is from something.Brant.ca
Below is an example of a potential Spam email:
From: System Administrator [support@helpdesk.com]
Sent: Thursday, May 02, 2010 14:17
Subject: Email Account Upgrade
Dear Email User,
This email is to inform you that we are upgrading our system webmail and every email users are required to fill and summit their information in the secure link provided below:
http://f8g3kr.u76.ru
There have been several phishing attempts and attacks and we have built a more reliable software, antivirus, filter to blocked and automatically delete every phishing emails before it reaches your email account.
Failure to click this link and upgrade your account before it expires may result in loss of important information in your mailbox/or cause limited access to it for 3weeks.
Thanks,
Helpdesk
Things to Look for When Spotting Spam Messages
Who is the email from?
Looking at the "From" address of an e-mail can often tell you if it is legitimate or not. The County will only send users an e-mail from an @brant.ca email address. It is possible to spoof the from address so that it appears to come from somewhere else. Therefore, this tell-tale sign should not be the only method used to decide whether something is legitimate or not.
Do the links look legitimate?
Many Spam emails will ask you to click on a link within the email. It is important to look and see where the link is going to take you. The one in the example e-mail is obviously suspicious - there is no way that the County would want you to access a website hosted on a Russian (.ru) server. Again, the text of a link can be spoofed, so a link may display one address while pointing to another:
https://www.brant.ca
Hovering your mouse over the link will tell you where you are really being directed. If the two do not match, do not click on it. If in doubt, do not click on the link - it is one of the biggest causes of malware on a computer.
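The same two checks (does the destination belong to brant.ca, and does the displayed address match it) can be run automatically over an HTML message body. The following is an added example, not County code; the function names and the sample body are constructed for illustration, and example.net stands in for a look-alike host.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "brant.ca"  # per the page: County sites are something.brant.ca

def host_of(url):
    """Lowercase hostname of a URL or bare address; '' if none can be parsed."""
    url = url.strip()
    url = url if "://" in url else "http://" + url
    try:
        return (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        return ""

def is_county_host(host):
    # Exact match or a true subdomain; "brant.ca.example.net" must not pass.
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)

class _Anchors(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit_links(html):
    """Return (visible text, destination host, [reasons]) for each link."""
    parser = _Anchors()
    parser.feed(html)
    results = []
    for text, href in parser.links:
        dest, reasons = host_of(href), []
        if not is_county_host(dest):
            reasons.append("destination is not a brant.ca address")
        # Only compare when the visible text itself looks like an address.
        shown = host_of(text) if "." in text and " " not in text else ""
        if shown and shown != dest:
            reasons.append("displayed address does not match destination")
        results.append((text, dest, reasons))
    return results

# Constructed sample body (the .ru address is the one from the example e-mail).
SAMPLE = ('<a href="http://f8g3kr.u76.ru">https://www.brant.ca</a> '
          '<a href="https://www.brant.ca/">County website</a> '
          '<a href="https://brant.ca.example.net/">Sign in</a>')
```

An empty reasons list means the link passed both checks; it does not prove the message is legitimate, so the other signs on this page still apply.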
Check the spelling and grammar
Not everyone is great at spelling and grammar, and sometimes technicians are in a rush. The example e-mail above clearly has terrible spelling ("relible") and grammar ("summit their information"), and should be seen as instantly suspicious.
Is the email overly generic?
The final area to look at is the overall feel of the e-mail. Phishing e-mails are written to be read by many thousands of people. Therefore, they rarely contain any specific information. The example email above does not mention the County or the type of e-mail system in use (Exchange), and is signed using only the name "Helpdesk". An e-mail sent by the County of Brant Business and Solutions Team will always have specific branding to help verify the legitimacy of the information.