Email Phishing

Question

I think I received a phishing attempt. What do I do?

Be Reasonably Suspicious

Be reasonably suspicious about unexpected emails. You can contact the USS-Technology Service Desk (TSD), the Information Security Office (ISO), or your local IT department for assistance with verifying the authenticity of any suspect emails. If you are unsure whether a suspicious email is phishing, you can also contact the sending institution directly using officially published contact information for verification. For example, if you receive a weird email from the Registrar Office, call the number on their official website.

What Not to Do

If you suspect you have received a phishing attempt email: do not open any links, do not open any attachments, do not reply to the email, and do not start a remote session.

Information Services will never email you asking for your user name or password. Never reply to unexpected emails with sensitive information such as your Social Security number, and avoid transmitting information like that via email at all.

Review the UO Phish Tank

UO Phish Tank is a collection of suspicious email messages that have been reported to the ISO.

You can view phishing messages without logging in to the website. If you log in, you can also see messages that were reported as suspicious but are actually legitimate.

Reporting and Follow-up

If you have not opened any links or attachments, replied, or started a remote session:

  1. Report the message using the Report Phish button, or send a copy of the suspicious email as an attachment to phishing@uoregon.edu
  2. Delete the email

If you have opened any links or attachments, replied, or started a remote session:

  1. Unplug your network cable or disconnect from the Wi-Fi
  2. Contact your IT department or the USS-Technology Service Desk

If you have provided your password either via email or login form:

  1. Immediately change your login password at Duck ID Self-Service
  2. Change your security questions
  3. Report your account as potentially compromised to infosec@uoregon.edu

Examples of Phishing Emails

These are examples of phishing emails that UO faculty, staff and students have received.

"ADMINISTRATIVE ASSISTANT REMOTE JOB"

"Unable to display this message click here to view this message"

"You have received a new message from the IT Department regarding your account. Please sign in immediately to read this message."

"This is to inform you that a new course has been added to your study list and also view your timetable for the new coming session. Please Login below."

"Your online access has been temporarily disabled. Please re-activate your account immediately by clicking on the "Re-activate My Account" button below:"

For IT Professionals

Keep your customers aware of ongoing phishing threats and be available to assist them if they have questions concerning potential phishing emails.

University IT staff are encouraged to report phishing websites to Safe Browsing, Microsoft, and PhishTank in addition to reporting phishing attempts to phishing@uoregon.edu. Reports sent to phishing@uoregon.edu allow Information Services staff to take steps to mitigate the phishing threats for users on the campus network. Submitting phishing websites to the resources identified below assists with protecting users when they are not on the campus network.

Report to Google Safe Browsing

Reporting phishing websites to Google's Safe Browsing improves the built-in ability of Chrome, Firefox, and Safari to protect faculty, staff, and students from active phishing threats.

Report to Microsoft

Reporting phishing websites to Microsoft improves Internet Explorer's built-in ability to protect faculty, staff, and students from active phishing threats.

Report to PhishTank

PhishTank is a collaborative clearing house for data and information about phishing on the Internet.
