Basic examination on suspicion of phishing

02/11/2020

Basic rules for checking a suspicious email

Upon receipt of an email we verify the sender's address and the links to which there is an email reference.

Sender's address:

Verify the return address. Be especially careful of senders from addresses similar to Technion addresses.

Remember - the Technion addresses are of the type - user@XXX.technion.ac.il or user@technion.ac.il

Here are some examples of imposters:

user@technion.net user@technion.co.il

user@tehnion.ac.il

Links:

Do not click on the link, but place the mouse on the link and then at the bottom of the browser or next to the link itself appears the real link (URL) to which the reference is made.

  • If you have seen a link like - http://aisai.info/?d=user@tx.technion.ac.il it is quite clear that this is a link that was "sewn" by the attackers for Technion users.
  • Another recommended option is:
    - Right-click on the link and select Copy Hyperlink
    - Open the site https://www.virustotal.com/en/ in a browser
    - Select URL and move the link (PASTE) to the panel
    - Press SCAN IT
    - If you have been notified of a malware - please update the information security officer to block it. Please forward the entire email because we would like to block the sender as well. The greater the number of motors detecting a malware, the less likely the possibility of False Positive is.
    - If you have not received an indication of malware, it still does not guarantee that there is no malware, because it take time for VT also  to be updated on each and every malware. Exercise discretion or contact the Information Security officer.