Phishing - A Pervasive Threat

October is Cybersecurity Awareness Month, highlighting the importance of cybersecurity and the steps you can take to help protect yourself, your family, and UAH. This year we will have a different theme for each week:

  • Week 1 - Phishing
  • Week 2 - Cyber Threats
  • Week 3 - Protecting Yourself While Working Remotely
  • Week 4 - Incident Response - What to Do When You See Something

If you’ve read previous cybersecurity newsletters or previous years’ Cybersecurity Awareness Month articles you will recognize the phishing topic as being one that I have mentioned before. So if I’ve mentioned it before, why should I write about it again? It’s because phishing is the most common type of attack that is used to target UAH faculty, staff, and students. UAH receives thousands of potential phishing emails every day and more than 99% of them are caught and either prevented from reaching your inbox or are removed automatically when the Google anti-phishing and anti-spam analysis is completed.

However, no solution is perfect and chances are that you will eventually receive a phishing email in your inbox. It is critical that you keep a wary eye out for signs that an email is not legitimate. To assist you, here are some signs that can indicate that an email is actually a phishing threat.

Look for the [External] tag at the beginning of the subject line.

Any email that does not originate from a uah.edu email address will have [External] at the beginning of the subject line. Many safe and legitimate email messages come from external email systems. The [External] tag does not automatically mean the message is a scam, but it does provide additional information about the message source. The [External] tag means you need to carefully examine this email before you respond or take action.

Phishing emails are getting more sophisticated and harder to detect but the [External] tag confirms that this email did not come from a UAH email address. Emails that offer jobs, internships, or requesting sensitive information, should never have an “[External]” tag in the subject line.

For example, if your subject line says “Request for Information” then it originates from a UAH email address and has a high chance of being legitimate but if that same email’s subject line is “[External] Request for information” then this email has a higher chance of being a phishing email.

The [External] tag is implemented to help protect your account from possibly being compromised as well as protect the University.

Look at the “From:” address

By policy, all official UAH communication will originate from a UAH email account. The information after the “@” symbol in an email address indicates the domain and anything not “uah.edu” after the “@” symbol should be a cause for additional scrutiny. Chances are these emails will have the [External] label at the beginning of the subject line but it’s better to be safe than sorry.

How do you know it is a UAH account? The from address will look like abc123@uah.edu or mailto:first.last@uah.edu. Official UAH email won’t come from DrJohnSmith@gmail.com or JaneCharger.uah@att.net. Not even Google employees use the Gmail domain for official correspondence.

If the domain does not match the apparent sender of the email, the email is almost certainly not legitimate. For example, if the sender is Floyd.Carter@.optonline.net but the email is signed, "Dr. Lori Charger," it is almost certainly a scam.

Look for these indicators that an email may not be genuine

Although there are many different types of phishing emails, most of them rely on a common set of characteristics to trick users into replying or responding. Remember to stop, think, and verify information before you click.

  1. Some phishing scams use a sense of urgency such as claiming you need to take immediate action to keep your account or the person is requesting sensitive information and needs it right away.
  2. Some phishing scams play on fear. The email could contain threats or fear-mongering such as warnings that your account will be closed or that you have been referred to law enforcement. One scam we’ve seen recently was trying to state that the recipient had a past-due wireless bill of $3,138.
  3. Some phishing scams will play on greed by offering limited-time offers for exclusive deals, or discounts and prices that are too good to be true. A recent phishing scam we saw was offering iPads for sale for $15.
  4. Some phishing scams use personal details to try to make them seem more legitimate. The list of UAH faculty and staff is available on public websites and newer AI-based phishing techniques can even use information published on social media sites such as Instagram, LinkedIn, Reddit, and other sites as part of a targeted phishing campaign.

If you receive an email you believe to be phishing, do not respond to the message. In Google Mail, it is possible to mark the email as phishing or you can add a message to your spam filter for unwanted messages by clicking the “Report Spam” button.

If you are at all unsure about the legitimacy of an email, you should err on the side of caution and do not provide any information. Instead, contact the purported individual who sent the email in person or over the phone to verify the email is legitimate. Also, you can forward the email to the OIT Help Desk at helpdesk@uah.edu for more assistance.

By remaining vigilant against phishing emails, you can help UAH stay #ChargerSecure