Serving Colorado's Counties

Technical Update vol. 26 no. 8 - How to Identify a Phishing Email

February 22, 2022

Phishing emails are malicious emails that ask the reader to click on a link that will install harmful software on the receiver's computer and network; they can look almost identical to legitimate emails. Cybercriminals will often take the time to copy logos from legitimate companies and even mimic the text of an email. The best way to avoid a phishing scam is to hover the mouse over the link you are asked to click on and view the web address. If the web address does not contain the company name or looks suspicious in any way, do not click on the link.

Why Did you Receive the Email?

Another step you can take to identify phishing emails is to consider why you received the email in the first place. Most companies send confirmation emails only if you signed up for a new service or made a change to your account, such as updating information. If you did nothing to trigger such an email, be suspicious. Also, be wary of emails that do not fully load or display correctly. Many companies bundle plain-text and HTML versions of emails together to ensure that they display correctly on multiple email clients; cybercriminals often do not bother with this step, so their emails may display with missing graphics or text.  

Cybercriminals can steal email signatures from people you know and with whom you regularly do business. If you receive an email with an attachment, a request to divulge information, make a money transfer, buy something, or pay an invoice, even from someone you know, approach it with suspicion and then look for reasons to trust it. Never allow an email attachment to "Enable macros" in Microsoft Office. If you open a PDF that wants you to log in to Microsoft, don't do it. A PDF has nothing to do with Microsoft 365. If you're curious why the individual is asking you to do something or if they sent you something you weren't expecting, pick up the phone and call them.

How is the Email Worded?

Phishing emails are often sent to large groups of people in the hopes of tricking a handful of recipients into taking the bait, so look out for generic subject lines and greetings. The text of the email is often vaguely threatening or alarmist, stating that if you do not click on the offered link or enter your personal information, your account will be closed or your data compromised. Legitimate emails will never ask you for your personal information or password. Any organization you are a member of already has this information.

What This Means for Counties

CTSI does provide coverage for cyberattacks, as discussed in Technical Update vol. 24 no. 14 parts I and II; however, the best way to protect your organization from cybercrime is to be diligent and proactive. Trust your instincts. If something about an email seems off (e.g., an unusual request, odd URL, etc.), be suspicious. Do not click on attachments or links if there is any doubt about the validity of an email, even if the sender is someone you know. Contact the sender and ask if they sent you the email. For questions about recognizing and avoiding cybercrime, contact CTSI at (303) 861 0507.

A PDF of this Technical Update is available here.

News & Updates

Technical Update vol. 26 no 20 - Avoiding Lifting Injuries

CTSI has seen a recent increase in back injuries and muscle strains related to lifting heavy objects, often as a result of office moves or cleanouts. According to the Bureau […]

Read More
Technical Update vol. 26 no. 19 -2023 HSA Contribution Limits Released by IRS

The IRS has announced increases to the 2023 Health Savings Account (HSA) contribution limits. The rates take into account inflation and cost-of-living adjustments, as well as rounding rules under Internal […]

Read More
April 2022: Parkinson’s Disease
Read More
Technical Update vol. 26 no. 18 - Do you Have a Distracted Driving Policy?

Distracted driving is driving a motor vehicle while engaged in another activity, typically one that involves the use of a cellular phone or another electronic device. Distractions can be categorized […]

Read More
Technical Update vol. 26 no. 17 - Wildfire Smoke and Your Health

Smoke from wildfires is a mixture of gases and fine particles from burning trees and other plant materials that can hurt your eyes, irritate your respiratory system, and worsen chronic […]

Read More