We Guide You Home

Tech Tip: Email Spam and Phishing

Recently some members received a spam/phishing email to their NATCA email account. Phishing is an attack using email to try and trick recipients to click on a link that takes visitors to malicious websites to collect personal or financial information or infect their machine with malware and viruses. NATCA’s systems block hundreds of thousands of spam, malware, and phishing attacks every month. But there is no way to block all such threats. When this sort of attack happens, we work to identify the source and block their ability to send additional mail to addresses on our email server. 

We want to reminder members that we will NEVER ask you to provide any personal information or passwords. Many email attacks often include some sort of fake emergency requiring immediate attention. For example, the email this week stated that recipients’ passwords for their NATCA Rackspace email were about to expire. NATCA’s Rackspace and Office 365/Teams passwords DO NOT expire, so you can delete any emails related to expiring passwords. 

Here are some tips for protecting yourself from becoming a phishing victim.

  • Never reveal personal or financial information in an email, and do not respond to email solicitations for this sort of information. 
  • If an email, website, or social media post seems suspicious or offers something that sounds too good to be true, assume it is spam. When in doubt, it is best to delete it or mark it as junk. 
  • If you suspect an email might be spam, DO NOT reply to the email. 
  • Links in email, texts, tweets, posts, and online advertising are often how cybercriminals try to compromise your information, so think before you click. If you suspect an email might be spam, DO NOT click any links in it, including any unsubscribe links. 
  • You can HOVER your cursor over a link in an email or on a webpage, and it will show the URL of where that link would take you. Again, only HOVER over the link, DO NOT click it until you have decided the linked webpage is familiar and safe.

If you have other questions or concerns about your email account security, NATCA’s ITC (Information Technology Committee) is here to help and can be reached at [email protected]. If you are unsure whether an email is legitimate, forward it as an attachment to the ITC, so we can review it and provide guidance. If you cannot forward as an attachment, please try to retrieve the header information of the email and send it to [email protected].

How to Retrieve Full Email Headers

Full email headers are more than the “from” and “to” lines your email client displays at the top of your messages. The full email headers contain a lot of information, including every hop a message has taken across the Internet to get from its sender to you. This data can be valuable in tracking down the real origin of an email. Email can be easily forged or “spoofed,” but every email will always be marked with the true IP address of the sending computer. The trick is getting your email client to display these lines so that you can forward them to the ITC. 

Office 365 Webmail (Outlook Web Access)

  • Double-click the message in your inbox to open it. 
  • On the top menu where you see buttons for delete, reply, etc., click the button with an ellipsis (…) on it.
  • Click View Message Details. 

Apple Mail 

  • Double-click the message in your inbox to open it. 
  • From the View menu, click Message, then All Headers. The headers will then be displayed at the top of the message.

Gmail 

  • Open the message.
  • Click the small downward-facing arrow next to the Reply button at the top right of the message.
  • Select Show Original and the headers will appear in a new window. 
Jump to top of page