ANALYST COMMENTARY: Ultimately, people are the most effective means of detecting potential phishing attempts. Under no circumstances should one open email or their attachments, click on links and/or comply with requests within email presenting recognizable indicators of a potential phishing attempt.

These indicators include:

email that comes from a questionable or unfamiliar origin email address;

email with a generic salutation, significant and/or obvious grammar or spelling mistakes, questionable or unexpected links or attachments, or suspicious or questionable content, tone, or tenor;

and/or email that requests sensitive or personal information.

Remember, phishing can take many forms. Do not assume that an HTTPS domain is secure and as Krebs suggests, “If you didn’t go looking for it, don’t install it: Password stealing malware doesn’t only come via email; quite often, it is distributed as a Facebook video that claims you need a special ‘codec’ to view the embedded content. There are tons of variations of this scam.

The point to remember is: If it wasn’t your idea to install something from the get-go, don’t do it.” If you are concerned you may have received a phishing email, or fallen victim to any attempt, contact your security team or help desk immediately and forward information related to the attempt to spam@uce.gov and st-isac@surfacetransportationisac.org.