Email Phishing

Email Phishing is the use of fraudulent emails to obtain sensitive or valuable information, typically usernames and passwords. This information can then be used to perpetrate more direct attacks on computer accounts and networks. The issue is slightly different in nature from the use of email to deliver viruses or "Trojan Horses". Users should be aware of these attacks so as not to compromise their own security or that of other users.

Who is the email from?

  • Email From: fields may contain false information! Due to insecurities in the internet email protocol, most of the information in an email message can be faked by the sender. The fields which are harder to change are typically not displayed by most email clients, and their interpretation can be confusing to many users.
  • Be wary of emails that purport to come from the Lab Staff (or other account managers) and warn of dire consequences which can be avoided by replying to the email to verify your account information.
  • Many phishing scams will fake the From: field to make it appear as if the email is coming from a trusted source. However, when the message is replied to, a slightly different, non-local address will appear as the recipient. This is accomplished by including a Reply-To: header, which is typically not displayed by most email clients.
  • The CS Lab staff will never ask you to provide your password in an email.

Users should be aware of these situations, as there is no easy technical fix. Phishing relies on psychological attacks to compel users to voluntarily surrender important information. If you have any questions or encounter an email you are unsure of, please feel free to contact the Lab Staff before replying to the message.
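The Reply-To: mismatch described in the list above can be surfaced by reading the raw headers that most email clients hide. The following is an added example, not a tool provided by the Lab Staff; the domain cs.example.org and both sample messages are constructed placeholders.

```python
from email import message_from_string
from email.utils import getaddresses

LOCAL_DOMAIN = "cs.example.org"  # assumption: placeholder for the lab's real mail domain

def domains(msg, header):
    """Lowercased domains of every address found in the named header."""
    pairs = getaddresses(msg.get_all(header, []))
    return {addr.rpartition("@")[2].lower() for _, addr in pairs if "@" in addr}

def is_local(domain, local=LOCAL_DOMAIN):
    """True for the local domain itself or any of its subdomains."""
    return domain == local or domain.endswith("." + local)

def reply_path_findings(raw, local=LOCAL_DOMAIN):
    """Describe how the hidden Reply-To: differs from the displayed From:."""
    msg = message_from_string(raw)
    from_doms, reply_doms = domains(msg, "From"), domains(msg, "Reply-To")
    findings = []
    for dom in sorted(reply_doms - from_doms):
        findings.append(f"replies go to {dom}, not the From: domain")
        if any(is_local(d, local) for d in from_doms) and not is_local(dom, local):
            findings.append(f"From: claims a local sender but {dom} is non-local")
    return findings

# Constructed sample messages (not real mail).
PHISH = (
    'From: "Lab Staff" <staff@cs.example.org>\n'
    "Reply-To: staff@cs-example.example.net\n"
    "Subject: Verify your account\n"
    "\n"
    "Reply with your username and password to avoid suspension.\n"
)
LEGIT = (
    'From: "Lab Staff" <staff@cs.example.org>\n'
    "Subject: Scheduled maintenance\n"
    "\n"
    "The lab file server will be rebooted on Saturday.\n"
)

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(name, reply_path_findings(raw) or "no Reply-To mismatch")
```

An empty result only means replies go where the From: field says; the From: field itself can still be faked, so the message content should still be judged on its own.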