
Malicious Phishing On The Rise

May 14, 2018

Canandaigua National Bank & Trust’s Information Security Department has seen an increase in malicious phishing campaigns within the first quarter of 2018 targeting unsuspecting users. These phishing campaigns revolve heavily around user interaction and attempt to get users to input credentials. Here are a couple of examples:

Phishing Image 1  

The following red flags can help you spot a malicious email:

  1. Odd characters in sender address—If you don’t recognize the sender’s email address as someone you normally communicate with, this is your first red flag. In this particular phishing example, take a closer look at the sender’s email address. You will notice special characters designed to make the email look like it is coming from a legitimate source. In this case the sender’s email address is from a suspicious domain, which should be an automatic red flag. 
  2. Minor errors—The date for which this email attachment expires is before the date the email was actually sent. This is another red flag. 
  3. Inconsistencies in the links—Is the sender asking you to download or preview an attachment or website? If so, hover your mouse over the hyperlink that’s displayed in the email message. If the email link goes to a different website, this is a huge red flag. Cybercriminals will attempt to change websites to look legitimate to the untrained eye. Take for instance cnbä; at first glance it does look like a legitimate link, but upon closer inspection the "a" has 2 dots over it making it incorrect. 

Here is another example regarding Microsoft Office 365:

Phishing Image 2


  1. Odd characters in sender address—In this example, “Microsoft Office” is written with special characters to bypass spam filters and sneak into your network. Be on the lookout for special characters in the sender’s email address. 
  2. Subject does not match the message—The subject line of the email does not match the message content. 
  3. Sense of urgency—The cybercriminal is attempting to create a sense of urgency by saying that there is an error with your mailbox. This is an attempt to trick you into taking action quickly. If someone is asking you to do something quickly, stop, look and think before you click! 
  4. Urgent action required—Another attempt to get you to act quickly, the cybercriminal has indicated you have exceeded your mail quota and you are due for an upgrade. Stop, look and think! 
  5. Inconsistencies in the links—By hovering over the link you can see that the address is inconsistent with the content, which is a huge red flag. 
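
The sender-address and link checks from both lists above can also be automated in a mail-triage script. This is an added example, not part of the original post; the function names, the `cnbä.example` and `files.invalid` domains and the sample message are constructed for illustration.

```python
import re
import unicodedata
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Hostname of a URL (scheme optional), lower-cased; '' if none."""
    return urlsplit(url if "://" in url else "//" + url).hostname or ""

def odd_chars(host):
    """Non-ASCII characters and punycode (xn--) labels found in a hostname."""
    found = [f"{c} = {unicodedata.name(c, 'unnamed')}" for c in host if ord(c) > 127]
    return found + [lab for lab in host.split(".") if lab.startswith("xn--")]

def red_flags(from_header, html_body):
    """Return human-readable warnings for the sender and link red flags."""
    flags = []
    sender_domain = from_header.rsplit("@", 1)[-1].strip(" >").lower()
    if odd_chars(sender_domain):
        flags.append(f"sender domain {sender_domain}: {odd_chars(sender_domain)}")
    collector = LinkCollector()
    collector.feed(html_body)
    for href, text in collector.links:
        target = host_of(href)
        if odd_chars(target):
            flags.append(f"link host {target}: {odd_chars(target)}")
        # Only compare when the visible text itself looks like a web address.
        if re.fullmatch(r"(https?://)?[^\s/]+\.\S+", text) and host_of(text) != target:
            flags.append(f"link shows {host_of(text)} but opens {target}")
    return flags

# Constructed sample message (not the email from the screenshots).
SAMPLE_FROM = "CNB Alerts <alerts@cnb\u00e4.example>"
SAMPLE_HTML = ('<a href="http://files.invalid/view">www.cnb.example/secure</a> '
               '<a href="http://cnb\u00e4.example/login">Sign in</a>')
```

Calling `red_flags(SAMPLE_FROM, SAMPLE_HTML)` returns one warning for the sender domain and one for each link; a message whose sender and links are plain ASCII and consistent returns an empty list.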

When in doubt about an email address, contact the sender. It is always better to be safe than sorry when it comes to information security. 

For more security tips, visit our Security Center.