Identifying and Handling Malicious Messages
E-mail, telephone, and text messaging are convenient tools for exchanging messages, both within the university and beyond. Unfortunately, their public exposure and global reach make them popular methods for malicious actors to use when attempting to steal information or compromise computer systems.
What are malicious messages?
Generally speaking, malicious messages are messages that have been designed with at least one of two purposes:
1. Stealing sensitive information. This can be accomplished by dropping malicious software onto a device (see installing malicious software below), but more often it is accomplished through messages designed to trick the recipient into voluntarily providing sensitive information such as passwords, social security numbers, and bank account numbers. This is commonly called phishing; however, terms have emerged to highlight common sub-types of phishing attempts:
- Spear phishing is a type of phishing attack that targets specific individuals based on a common factor, usually association with a specific organization or group. Spear phishing messages can be intricate and draw upon publicly-available information to make them seem more legitimate.
- Whaling or whale phishing is a spear phishing variant in which high-profile individuals within an organization are specifically targeted. Usually this means members of upper management (CEO, VPs, etc.). Like spear phishing, whaling relies on public information to tailor an attack so that messages seem plausible.
- Smishing is a phishing attack that relies on SMS or text messaging as its delivery medium. Like phishing, smish attempts can be generic or they can be tailored to a specific target.
- Vishing is a phishing attack that relies on telephone or voice mail as its delivery medium. Like phishing, vish attempts can be generic or they can be tailored to a specific target.
2. Installing malicious software. Malicious messages can be used as a delivery mechanism for malicious software, also called malware. Malware is harmful to a computer and its use, and can perform a number of different functions depending on the goals of an attacker. Milder malware infections could be used to mine cryptocurrency or serve unwanted advertisements, while more severe malware can steal passwords and other sensitive data, log key strokes, add your computer to a botnet (used to attack other targets), and encrypt and hold files on your computer for ransom (ransomware).
Malicious messages use differing techniques to install malware. Some may include links to webpages in the hopes of exploiting vulnerabilities in web browsers to deliver malicious payloads when the page loads. Others may include a malicious attachment, such as a PDF, Word, Excel, or PowerPoint file, that installs malware when the file is opened. Others may also attempt to bundle executable files directly. This is why it is important that you do not open files or links until you know a message is legitimate.
Identifying Messages as Legitimate or Malicious
Unfortunately, there is no single or easy method for determining whether a message is legitimate or malicious. However, there are several characteristics that can help you determine the likely intent of a message.
- Unknown or unrecognized senders/caller. While not always the case, it is more likely that legitimate messages will come from known individuals and organizations. Messages from unknown senders or organizations should be viewed with skepticism.
- Vague subject line and/or message. Malicious messages, particularly those used for indiscriminate attacks, will sometimes use vague language to both appeal to a larger number of people and to stoke curiosity about a link or attachment to the message. Legitimate messages are more likely to relate to very specific purposes or business.
- Poor spelling and grammatical errors in messages. Though this is becoming a less reliable indicator as malicious actors become more sophisticated, many attacks originating from places where English is spoken as a second language contain language errors that suggest the message may not be legitimate.
- Call-to-action and tone of message. Most messages, whether legitimate or malicious, ask for something. Think critically about what the message asks for and its tone. Does it make sense in your role at the university? Does it create a sense of urgency? Does it prompt you to provide sensitive information, make a financial transaction, visit a website, or download a file? If so, the message is likely malicious. Malicious messages often create a sense of urgency or emergency to prompt you to engage with the malicious content, if only out of curiosity.
- Links to websites. Hyperlinks are a common feature in both legitimate and malicious messages, so their presence alone is not helpful in evaluating a message. Instead, take care to check the actual destination of the link without clicking on it. Links that go to known-good sites (like https://www.latech.edu, for example) are likely legitimate. On the other hand, links that go to unknown sites (e.g., abcwidgets.xyz) or that are obfuscated using URL shortening (such as bit.ly or other redirection services) should be viewed with skepticism.
- Attachments. Attachments are a common method (particularly for e-mail) of distributing malicious software. Unexpected file attachments (especially from unknown senders) should be treated with skepticism.
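As an added illustration (not part of the original page), the following Python script shows one way to check where the links in an HTML message body actually go without clicking them. It extracts each link's visible text and its real target, then flags three of the warning signs listed above: display text that names one site while the link goes to another, URL shorteners or redirectors that hide the destination, and destinations that are not on a known-good list. The known-good list contains only latech.edu (from the page); the shortener list beyond bit.ly, the helper names, and the sample message body are all constructed for this example.

```python
"""Audit links in an HTML e-mail body instead of clicking them (added example)."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# latech.edu is from the page; an organization would extend this allowlist.
KNOWN_GOOD_DOMAINS = {"latech.edu"}
# bit.ly is from the page; the other entries are a constructed sample list.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}

# Constructed sample body: not a real message. It mixes a legitimate link,
# a lookalike whose visible text lies about its destination, and a shortener.
SAMPLE_HTML = """
<p>Your mailbox is almost full.</p>
<a href="https://www.latech.edu/helpdesk">Help Desk</a>
<a href="http://abcwidgets.xyz/login">https://www.latech.edu/login</a>
<a href="https://bit.ly/3xample">Verify now</a>
<a href="https://www.latech.edu/policy">www.latech.edu/policy</a>
"""


class LinkExtractor(HTMLParser):
    """Collect (visible text, href) pairs for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def registrable_domain(host):
    """Crude registrable domain: the last two labels (www.latech.edu -> latech.edu).
    Real tooling would use the Public Suffix List for names like example.co.uk."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def looks_like_url(text):
    """True when the visible link text itself resembles a URL or host name."""
    return re.fullmatch(r"(https?://)?[\w.-]+\.[A-Za-z]{2,}(/\S*)?", text.strip()) is not None


def classify_link(text, href):
    """Return the reasons a link deserves skepticism; an empty list means none were found."""
    reasons = []
    parsed = urlparse(href)
    host = parsed.hostname or ""
    if parsed.scheme not in ("http", "https") or not host:
        return [f"non-web or malformed target: {href!r}"]
    domain = registrable_domain(host)
    if domain in SHORTENERS:
        reasons.append(f"URL shortener/redirector ({domain}) hides the real destination")
    # Visible text that names one site while the href goes elsewhere is a classic lure.
    if looks_like_url(text):
        shown = urlparse(text if "://" in text else "http://" + text.strip())
        if shown.hostname and registrable_domain(shown.hostname) != domain:
            reasons.append(f"display text says {shown.hostname} but link goes to {host}")
    if domain not in KNOWN_GOOD_DOMAINS and domain not in SHORTENERS:
        reasons.append(f"destination {domain} is not on the known-good list")
    return reasons


def audit_html(body):
    """Map every href in the body to its list of warning reasons."""
    parser = LinkExtractor()
    parser.feed(body)
    return {href: classify_link(text, href) for text, href in parser.links}


if __name__ == "__main__":
    for href, reasons in audit_html(SAMPLE_HTML).items():
        status = "OK " if not reasons else "FLAG"
        print(f"{status} {href}")
        for reason in reasons:
            print(f"       - {reason}")
```

Running the script on the constructed sample prints the Help Desk and policy links as OK, flags the abcwidgets.xyz link for both the mismatched display text and the unknown destination, and flags the bit.ly link because the shortener hides where it leads. Only the allowlist comparison depends on site-specific data; the other two checks work on any message.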
Preventing Damage from Malicious Messages
Just a few best practices can help to significantly reduce your chances of being negatively impacted due to a malicious message:
- Ensure that anti-virus software on your computer is installed and up-to-date.
- Ensure that your computer is running an up-to-date operating system that receives security updates.
- Ensure that software is kept up-to-date – especially e-mail clients and web browsers.
- Set up your account to use multi-factor authentication (students / faculty).
- Do not reuse passwords.
- Treat messages as malicious until they have been determined to be legitimate.
- Do not open attachments or follow web links until you have determined that a message is legitimate.
- Do not disclose confidential or private information through e-mail or through unsolicited web forms on unknown web sites.
- Report malicious messages when they are received.
Reporting Malicious Messages
If you have determined that a message is malicious, follow the guidance below to report it:
Non-Office 365 e-mail: Forward the e-mail, including the full message headers, to email@example.com.
Office 365 e-mail: Use the “Report Message” feature to flag the message appropriately and forward the message for analysis.
Once reported, you should delete malicious messages from your mailbox.
What if I am not sure about a message?
If you receive a message and are unsure about whether it is legitimate or malicious, contact the Help Desk for assistance.
What should I do if I responded to a malicious message?
If you responded to a malicious message by clicking any links, opening attachments, or providing any information to a third party, you should take immediate steps to protect your personal information and computer accounts.
- Immediately disconnect your computer from any network to which it is connected. Do not shut down or reboot your computer unless instructed to do so by the Help Desk or other IT staff, as doing so could compromise forensic evidence.
- Take a mental inventory of the information disclosed by your response. Did you provide information? Or was a file downloaded? If information was provided, what was it? Was it related to University accounts? Or was it related to your personal data?
- If you disclosed your University username and password, use another computer to visit https://password.latech.edu and change your password. This will change the password you use to log in to your computer, access e-mail, Moodle, and other services.
- Contact the Help Desk to further discuss the incident and arrange to have your computer checked for malicious software.
- If you disclosed other information related to personal accounts (bank accounts, e-mail, social media, etc.), contact those organizations to update your password and change any account numbers that may be necessary.