We've recently observed a concerning rise in phishing and spear phishing attempts targeting our inboxes. These attacks are getting more sophisticated, and your vigilance is our strongest defense. It's vital we all know how to spot them, even when they look incredibly convincing.
Phishing emails aim to trick you into revealing sensitive information or clicking malicious links. Spear phishing is even more dangerous as it's highly targeted, often impersonating executives or colleagues you know, sometimes even from legitimate-looking uap.asia email addresses.
Here's what to look for, no matter who the email seems to be from:
The "From" Address is Suspicious (Even if it Looks Familiar):
External Impersonation: Be extremely wary if an email claiming to be from a UAP executive or colleague comes from a generic email address like @gmail.com, @yahoo.com, etc. Our colleagues will always email you from their official @uap.asia accounts.
Internal Compromise Risk: Even if the email appears to be from a legitimate @uap.asia address, remain cautious. A real account could be compromised. Always look for other red flags in the email's content.
Unusual Requests or Deviations from Normal Procedure:
Immediate Financial Demands: Any email urgently requesting bank transfers, changes to payment instructions, or sharing financial credentials outside of standard, verified processes is a major red flag.
Requests for Personal Details: Be suspicious if an email asks for personal phone numbers, home addresses, or other sensitive personal data that isn't typically needed for your role.
Uncharacteristic Praise or "Familiarity": Cybercriminals might start an email with excessive praise or mention common third parties/projects to build trust, then quickly pivot to an unusual request.
Asking You to Bypass Security: If an email asks you to disable security features, "verify" your account by clicking a link, or install unexpected software, it's a huge warning sign.
Sense of Urgency or Pressure: Phishing emails often create panic ("Act now!", "Account will be suspended!"). They want you to react without thinking.
Grammar, Spelling, or Tone Inconsistencies: While attackers are improving, subtle errors in grammar, spelling, or a sudden shift in the sender's usual writing style can be a giveaway.
Unexpected Attachments or Links: Never open attachments or click links from unknown senders, or in any email whose content seems out of place or suspicious. Always hover your mouse over links to see the actual URL before clicking.
Do not click any links.
Do not open any attachments.
Do not reply to the email.
Do not act on any requests.
Do not act on the request unless it has been verified via a different trusted channel or third party. This is crucial. If an email asks you to do something unusual, especially if it's financial or involves sensitive data, verify it through a method other than replying to the email. This could be a direct phone call to a known number, or speaking with a trusted colleague or assistant of the supposed sender. Remember that these messages often employ social engineering techniques to stir your emotions and urge immediate action.
Report the message as phishing in Gmail:
Open the suspicious email.
Click the three vertical dots (More) icon next to the reply arrow at the top right of the email.
Select "Report phishing" from the dropdown menu. This helps Google's security systems learn and protect all users.
Forward the suspicious email IMMEDIATELY to itsupport@uap.asia for investigation, and then delete it from your inbox to remove the immediate risk.
We encourage you to deepen your understanding of online security by exploring these helpful resources:
Google Safety Center - Avoid and report phishing emails: Essential tips directly from Google on identifying and handling suspicious messages (https://support.google.com/mail/answer/8253)
Google Security Blog - Fighting phishing with smarter protections: Learn about Google's advanced efforts and features designed to protect against phishing (https://blog.google/technology/safety-security/fighting-phishing-smarter-protections/)
Google's Phishing Quiz (Jigsaw): Test your ability to spot phishing scams in a fun, interactive way. (https://phishingquiz.withgoogle.com/)
Your proactive approach and adherence to these guidelines are vital in protecting the UA&P community. Thank you for your continued vigilance!