There are some basic things that can tip you off to a phishing message:

• Poor spelling and grammar
• Unusually unprofessional messages from organizations or work colleagues
• Stange formatting

The test phishing message you recieved had none of those characteristics, which makes it a pretty believable message. What should you have been on the look out for?

One of the most effective ways of identifying a phishing email is to verify the email address that the message is from. The message you received purported to be from the IRS but it was sent from a non-IRS email address.

There are a few more tip offs in the email. Let’s take a look at a few:

A. The IRS never emails people about refunds. This is the sort of thing that a scammer will do around this time to trick you into giving them your bank information.

B. “Schedule 8675” certainly sounds official, but there’s no such IRS form (there’s one that sounds vaguely similar, but it isn’t related to refunds in anyway).

C. We recommend hovering over the link in your email client to see the actual address of the link (if you clicked on the link check the address bar in your browser to make sure you’re where you should be).

Copying and pasting the URL into a browser reveals that this link does not point to an IRS page.

Sending email is cheap, which is why phishing is an effective activity. Cybercriminals send out millions and millions of these messages, and even if a very small percentage of recipients are fooled the math works out in the criminals’ favor.

Here are few things to be on the lookout for if you suspect an email is actually a phish:

1. A sense of urgency – Phishing emails are designed to make you take action before you do anything else. The cybercriminals don’t want you to think too much, or follow lists like this one!
2. Mistakes and vagueness – Many phishing emails are littered with misspellings, signatures with incorrect contact information, and the wrong phrases for common internal groups (University IT instead of Wharton Computing, for example).
3. Unusual links – If you do click links in an email, pay close attention to where the link is actually sending you. Many phishes will send you to a page that looks like a login screen you’re familiar with (the PennKey login, for example), but if you look at the URL bar of your browser you’ll see you’re not on any of Penn’s websites.

Phishing emails are increasingly a vector for attack, but there are a few things you can do to make yourself a harder target:

1. Double check the sender – Criminals can easily make it look as though an email is coming from your boss, so double check that the email is from who it seems to be from. This is doubly true if the email is asking you to do something out of the ordinary like buy gift cards, reset your password, or something similar.
2. Check the email for the common signs of phishing – As outlined above, just taking a few moments before acting on an email to consider if it is legitimate will foil most phishing attacks.
3. Avoid attachments – Attaching things to email is very easy, which is exactly why the criminals use the technique. Leverage file sharing services like Box and Dropbox instead of attaching things to email.
4. Type in URLs – If you think an email looks suspicious, but you want to make sure the account it references is OK, just type in the URL of the service you want to log into instead of clicking on the included link.

Phishing emails are generally designed to do one of two things, Get your username and/or passwword, or Install some malicious software onto your computer.

The first thing you should do if you suspect you’ve been a phishing victim is: don’t panic. Stay calm. Wharton Computing is here to help you.

Secondly, inform your Wharton Computing representative as soon as possible.  They will help you with the following:

• changing your password(s)
• determine if malicious software has been installed

In either case time is of the essence; the longer you wait, the harder it will be to recover.