shortcut to content
Minnesota State University, Mankato
Minnesota State University, Mankato

Verify Sources

Page address: http://www.mnsu.edu/its/security/blog/verifysources.html

By Khalid Diriye

How to spot a phishing attempt?

  • It arrives as a mail message. Mail can be sent by anyone and it is trivial to spoof the sender’s address so that it seems to come from your mail operator or some other company you trust.
  • URL isn’t familiar. Many phishing attempts succeed because the user doesn’t look at the link enough to spot that it isn’t the actual link. Example “cnn.com” turns into “cnn.xyz.com”
  • People think less when in a hurry so it tries to create a sense of urgency. You need to act right now. This lowers the risk that the victim checks out the facts first. The 24h deadline is a typical trick to achieve this.
  • It links to a web page that looks like an official page of, for example, your mail operator. But it is actually controlled by the attacker, who also receives any information you enter.

How to avoid being phished?

  • Right Click on the link and select copy link address and paste it into notepad where you can view the link and compare if it’s a trusted source or not.
  • Get familiar with the concept of secured web pages and how to recognize them. Their addresses start with “https://” instead of “http://” and your browser shows a lock or similar symbol next to the address field. If the site links to an https site than most likely you are not visiting a malicious source however it is http you might be.
  • Have multiple passwords for multiple accounts so that even if one if your accounts gets compromised there isn’t a chance of access on other accounts.
  • Call your Information Technology Services department and have them address the email you believe to be a phishing email.

For more questions regarding phishing emails contact servicedesk@mnsu.edu or call (507) 389-6654