Email attacks and hoaxes
How to tell if an email message is a hoax or an attack
Viruses, worms, spammers, and other attackers sometimes send email with a nefarious purpose. Viruses and worms might use an email to try to infect your computer and spread; spammers may try to convince you to visit their site on the web, perhaps impersonating a legitimate business in order to gain your trust. You should be suspicious of any message that asks for confidential information, or that asks you to visit a web site and enter confidential information such as account numbers or passwords. You should also be suspicious of any message that asks you to open an attachment or that threatens dire consequences if you do not act quickly.
Here are some guidelines on how to tell if a message is a hoax or attack, and what actions you should and should not take if your suspicions are aroused.
- Check the IT email threat webpage for current reported problems.
- Look at it carefully. If doesn't quite ring true, it probably isn't. Poor spelling and grammar might indicate a spoof. But some criminals are smart (and well-intentioned people make mistakes) so this is not a very reliable method.
- Don't click on any links or images in the message. If the message asks you to visit a website, you should write down the URL and then type it into your browser. Criminals commonly make a link look like it will take you to one site, but have it actually send you to a different site that they control. This is easy to do, and some criminals have gotten very good at making counterfeit web sites that look and act a lot like the sites they are imitating.
- Distrust attachments. Many Windows viruses spread by taking malicious actions when the user previews or opens an attachment. If in doubt scan the attachment with anti-virus software or contact the sender to verify that the attachment is benign. Updates and patches are not usually sent as attachments and you should not trust one that arrives unsolicited. Some malicious messages, however, use attachments masquerading as patches or updates.
- Verify the information by other means. Visit a web site you trust or call the customer service number of the institution sending the message to verify authenticity. To be safe you should use contact information that you trust, and not rely on any contact information provided in the suspect message.
- It is safer not to act on a message if you are ever unsure about it until you have carefully verified it. Most legitimate businesses will not unexpectedly send you urgent requests via email. Criminals, on the other hand, frequently use an urgent tone to try to get you to act before you can verify the message. Be skeptical! Some malicious messages have even persuaded people to follow complex instructions to delete important files on their own computers.
- Research the message on the web. There are many useful sites; we frequently recommend Symantec's site. They offer, for free, both a searchable virus encyclopedia and a more general security database. A search on the subject line or attachment name may find specific information.
- Use a recommended email program, especially if you use Windows. Use one of the IT-recommended IMAP clients rather than Microsoft Outlook or Outlook Express; our recommended clients have fewer known vulnerabilities.
In most cases these steps will be all you need. If you are still unsure you can forward any suspect message to Computer User Services (email@example.com) and we will try to provide you with more information.
Want to practice identifying email hoaxes? Test your skills with Google's Anti-Phishing Training Game.