Serving Colorado's Counties

Technical Update vol. 26 no. 8 - How to Identify a Phishing Email

February 22, 2022

Phishing emails are malicious emails that ask the reader to click on a link that will install harmful software on the receiver's computer and network; they can look almost identical to legitimate emails. Cybercriminals will often take the time to copy logos from legitimate companies and even mimic the text of an email. The best way to avoid a phishing scam is to hover the mouse over the link you are asked to click on and view the web address. If the web address does not contain the company name or looks suspicious in any way, do not click on the link.

Why Did you Receive the Email?

Another step you can take to identify phishing emails is to consider why you received the email in the first place. Most companies send confirmation emails only if you signed up for a new service or made a change to your account, such as updating information. If you did nothing to trigger such an email, be suspicious. Also, be wary of emails that do not fully load or display correctly. Many companies bundle plain-text and HTML versions of emails together to ensure that they display correctly on multiple email clients; cybercriminals often do not bother with this step, so their emails may display with missing graphics or text.  

Cybercriminals can steal email signatures from people you know and with whom you regularly do business. If you receive an email with an attachment, a request to divulge information, make a money transfer, buy something, or pay an invoice, even from someone you know, approach it with suspicion and then look for reasons to trust it. Never allow an email attachment to "Enable macros" in Microsoft Office. If you open a PDF that wants you to log in to Microsoft, don't do it. A PDF has nothing to do with Microsoft 365. If you're curious why the individual is asking you to do something or if they sent you something you weren't expecting, pick up the phone and call them.

How is the Email Worded?

Phishing emails are often sent to large groups of people in the hopes of tricking a handful of recipients into taking the bait, so look out for generic subject lines and greetings. The text of the email is often vaguely threatening or alarmist, stating that if you do not click on the offered link or enter your personal information, your account will be closed or your data compromised. Legitimate emails will never ask you for your personal information or password. Any organization you are a member of already has this information.

What This Means for Counties

CTSI does provide coverage for cyberattacks, as discussed in Technical Update vol. 24 no. 14 parts I and II; however, the best way to protect your organization from cybercrime is to be diligent and proactive. Trust your instincts. If something about an email seems off (e.g., an unusual request, odd URL, etc.), be suspicious. Do not click on attachments or links if there is any doubt about the validity of an email, even if the sender is someone you know. Contact the sender and ask if they sent you the email. For questions about recognizing and avoiding cybercrime, contact CTSI at (303) 861 0507.

A PDF of this Technical Update is available here.

News & Updates

Technical Update vol. 26 no 40 - AED Use and Maintenance

An AED (automated external defibrillator) is a medical device that helps people in cardiac arrest by analyzing their heart rhythm, and if necessary, by delivering defibrillation (e.g., electric shock) to […]

Read More
Technical Update vol. 26 no 39 - Fifteen-Passenger Vans

Fifteen-passenger vans allow counties to carry up to 15 people from one location to another, making them a convenient transportation option; however, their size and shape make these vehicles more […]

Read More
Technical Update vol. 26 no 38 - Pregnancy Leave and Nursing Rights of Employees

State and federal laws protecting workers from sex and gender discrimination prevent differential treatment of pregnant workers. Treating a worker differently on account of pregnancy may be a violation of […]

Read More
Technical Update vol. 26 no 37 - Understanding HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) was signed into law in 1996 with the primary goals of ensuring continuous health insurance coverage for people who have lost or […]

Read More
Technical Update vol. 26 no. 36 - How Secure is Your Data?

Personal data has increasingly become a target of hackers. Twitter, Target, and Yahoo are a few of the companies that have experienced data breaches that left their customers vulnerable to […]

Read More