Check It Before You Click It Phishing, Malicious Links & Spoofed Headers

August 15th, 2016

What is Phishing?

The word "Phishing" is a variant of the word "fishing." It generally comes from an analogy of spammers sending many emails (casting a wide fishing net) in hopes of catching a user (the fish). Though many users don't fall victim to the scams, it only takes a few to make it successful.

What is the point of phishing?

"Phishers" typically attempt to steal information from you. This information includes (but isn't limited to) password and passphrases, email login information, banking information, and more. Attackers can use this information for different reasons including gaining privileged access to your local are network, sending malicious spam from your email account, stealing sensitive personal information, etc. Your financial/banking information could be used to steal your identity, pilfer funds from your account, send money out of the country, and more.

Check It Before You Click It

Most phishing scams can be avoided by sticking to these basic principles:

  1. Treat ALL LINKS as if they are suspicious. (Links include Web Addresses & URLs)
  2. Never provide your password or other sensitive information in an email message.
    • You are responsible for your password(s). DO NOT share your password(s) with ANYONE for ANY REASON.
    • Email is NOT a secure way to send out personal information. ALL e-mail messages can be intercepted when it is sent & email messages are NOT encrypted or protected by default.
    • If an attacker gains access to your email account, ALL of the sensitive information stored there will be accessible to the attacker.
  3. Be suspicious of messages such as these:
    • You are urged to take "Immediate Action”, there is a sense of urgency, or you are threatened that your account will be shut down.
    • Claim that your email inbox is Full or near its quota and needs to be upgraded.
    • Claim that you must login to enable security features or other services.

What do you mean by "treat all links as suspicious"?

Many emails are sent like a Web site with HTML code behind the scenes. This is done in order to include Web links, display images, and provide other special formatting. However, web links can be deceiving. (Example: The following text link - not-ccr’s website at all.com - opens the official CCR web site.)

Phishing Messages often do the reverse tactic of masking a malicious site through what looks like an official website. This can trick users into believing they are visiting a legitimate site. For this reason, you should not automatically trust what you see in email messages. Text links that appear as one link but lead to another should be treated as highly suspicious.

How do I check where the links actually go?

If you are using a desktop or laptop with a mouse, you may easily 'hover' the mouse cursor over the link. Depending on your operating system and email client, where the actual destination of link is displayed can vary. There are a few websites that check to see if a link is malicious or not. Check out https://sitecheck.sucuri.net/. If you type in the link in question, that site will give you information about the site as well as any malware that may be detected. As an example, I recently received an email with a link to click for Great Information! I copied the link into the following website and received the following results:

img1

img2

Below are examples of the same phishing message in several email clients:

Checking Links in Outlook 2010-2016

Outlook 2010 for Windows: True link destination displays where the mouse hovers & at the bottom of the screen.

img3

Checking links in iOS Mail

Apple iOS Mobile Devices: True link destination displays when you tap & hold down your finger on the link. (Apple iPhones & iPads DO NOT have a cursor for you to hover over the link with.)

See Demonstration Video: iOS Demo

Spoofed Headers - Faking the From: Field

There is a belief that if an email says it is from an account, like webmaster@ccr1.com, then it must actually be from webmaster@ccr1.com. The unfortunate reality is that the "From:" field can be easily faked to appear as any account or person. This is commonly referred to as "spoofing".

In the phishing examples above, the message says it is from CCR, however It also provides an email address of help@it.net. While that email address could be an instant indicator that CCR DID NOT send the message, keep in mind that even the email address can be spoofed to show helpdesk@ccr1.com or webmaster@ccr1.com.

If you are not sure about an email message's legitimacy:

Send an e-mail to servicedesk@ccr1.com. Include the following information: 

  • The Original Message.
  • The email message's Full Header Information which is necessary for CCR to determine if the email message was spoofed or not).
  • See the document Obtaining Email Header Information.

Reporting Phishing Attempts & Additional Security Information

CCR is willing to investigate any potential scam messages on your behalf. You may do so by sending the original message (with full headers) to security@ccr1.com. Please note CCR has very limited control over what messages are caught and flagged as spam.

There are numerous kinds of phishing attempts and other scams targeting users, many of which CCR cannot take any action on. However here are a few cases where we recommend you contact security@ccr1.com: 

  • You have an email message that contains malicious links.
  • You clicked on a link or responded with personal information to a potential email scam and need help determining what to do.
  • You have a scam message you believe came from another employee at your company.

As long as you do not click on any malicious links or respond to the email with personal information, you, as well as your computer, should not be at risk.


Many businesses don’t prioritize disaster recovery. Improve your disaster preparedness with our FREE eBook.Learn More Here
+