Email and messaging services (such as Skype, Twitter, or Snapchat) are one of the primary ways we communicate. We not only use these technologies every day for work, but also to stay in touch with friends and family. Since so many people around the world depend on these technologies, they have become one of the primary attack methods used by cyber attackers. This attack method is called phishing. Learn what phishing is and how you can spot and stop these attacks, regardless if you are at work or at home.
Phishing is a type of attack that uses email or a messaging service to fool you into taking an action you should not take, such as clicking on a malicious link, sharing your password, or opening an infected email attachment. Attackers work hard to make these messages convincing and tap your emotional triggers, such as urgency or curiosity. They can make them look like they came from someone or something you know, such as a friend or a trusted company you frequently use. They could even add logos of your bank or forge the email address so the message appears more legitimate. Attackers then send these messages to millions of people. They do not know who will take the bait, all they know is the more they send, the more people will fall victim.
In almost all cases, opening and reading an email or message is fine. For a phishing attack to work, the bad guys need to trick you into doing something. Fortunately, there are clues that a message is an attack. Here are the most common ones:
Ultimately, common sense is your best defense. If an email or message seems odd, suspicious, or too good to be true, it may be a phishing attack.
Report all unsolicited email claiming to be from the IRS or an IRS-related function to firstname.lastname@example.org . If you've experienced any monetary losses due to an IRS-related incident, please report it to the Treasury Inspector General Administration (TIGTA) and file a complaint with the Federal Trade Commission (FTC) through their Complaint Assistant to make the information available to investigators.
If a message looks a little "phishy" to you, check out the list of identified phishing attacks below. If you do not see your email on the list or if you have any questions, please contact the Help Desk.
Subject: Your 1095-C Statement - online!
Body of email:
Recently Seattle University hired our services to submit your 1095-C information to the IRS (Internal Revenue Service). We are writing to inform you that you can access your 1095-C statement online at (malicious link removed)...
For examples of past phishing emails, please visit the Phishing Email Archive.