Malicious links (URLs) and attachments found in emails, text messages, social media, and pop-ups can lead you to dangerous sites, putting your data, computer, and the UTSW network at risk.
To remain secure, start with a few simple steps:
- Examine all email sender addresses that contain an “External Mail” header.
- Compare the sender’s name with the sender’s email address.
- Were you expecting the email? Does it impart a sense of urgency? Verify legitimacy of questionable emails with the sender through a separate Microsoft Teams instant message, phone call, or UTSW email (not a reply). It never hurts to double check.
Beware of …
Impersonation emails are the most common type of email phishing scam used to target individuals. In this ploy, cybercriminals spoof a recognized name, often in one’s own organization, to initiate a dialogue that results in the sharing of personal information, login credentials, or a fraudulent financial transaction. These emails are often brief with a sense of urgency.
Hyphens and/or symbols in the URL
Cybercriminals often pair these with known brands (e.g., “amazon-#offer.com”) to lure you in. Legitimate websites don’t typically have hyphens or symbols in their URLs.
URLs that are IP addresses
Website addresses that are entirely numbers are suspicious. Do not click this type of URL unless you are familiar with the IP address and you know exactly where the link will take you.
Services such as TinyURL and Bitly convert longer URLs to a URL with fewer characters. You should only click such links if you trust the sender of the link.
Cybercriminals can embed malicious URLs inside legitimate-looking text, logos, and images. However, by hovering (not clicking) your mouse over these links, you can see the hidden URL and verify its integrity.
Be wary of email attachments. Cyberattackers can deliver malicious software, or malware, through infected attachments that can cripple an organization, destroying data and stealing information. The attachments can be disguised as documents, PDFs, e-files, voicemails, and much more.
Use professional antivirus software and keep it up to date.
Related Terms & Definitions
- IP address
- Internet Protocol address: An identifying number associated with a specific computer or computer network.
- Uniform Resource Locator: Indicates the location of a web resource (like a street address indicates where a person lives physically). Because of this, a URL is often referred to as a “web address.”
- URLs that are not an IP address consist of a domain and a top-level domain (e.g. “office.com” where “office” is the domain, and “com” is the top-level domain), but can be narrowed with the use of a subdomain (e.g. “outlook.office.com” where “outlook” is the subdomain).
If you doubt a URL’s authenticity, don’t click it!
Questions about security awareness?
Office of Information Security