Email Phishing

Question

I think I received a phishing attempt. What do I do?

Be Reasonably Suspicious

Be reasonably suspicious about unexpected emails. You can contact either the Technology Service desk, the Information Security Office, or your local IT department for assistance with verifying the authenticity of any suspect emails. If you are unsure if a suspicious email is phishing, you can also contact the sending institution directly using officially published contact information for verification. For example, if you receive a weird email from the Registrar Office, call the number on their official website.

What Not to Do

If you suspect you have received a phishing attempt email: do not open any links, do not open any attachments, do not reply to the email, and do not start a remote session.

Information Services will never email you asking for your user name or password. Never reply to unexpected emails with sensitive information such as your Social Security number, and avoid transmitting information like that via email at all.

Review the Phish Tank

This site is a collection of suspicious email messages that have been reported to the UO Information Security Office (ISO).

You can view phishing messages without logging in to the website. If you log in, you can also see messages that were reported as suspicious but are actually legitimate.

https://phishtank.uoregon.edu

Reporting and Follow-up

If you have not opened any links, attachments, replied, or started a remote session:

  1. Send a copy of the suspicious email as an attachment to phishing@uoregon.edu
  2. Delete the email

If you have opened any links, attachments, replied, or started a remote session:

  1. Unplug your network cable or disconnect from the WiFi
  2. Contact your IT department or the Technology Service Desk

If you have provided your password either via email or login form:

  1. Immediately change your login password at duckid.uoregon.edu
  2. Change your security questions
  3. Report your account as potentially compromised to infosec@uoregon.edu

Examples of Phishing Emails

These are examples of phishing emails that UO faculty, staff and students have received.

"Unable to display this message click here to view this message"

"You have received a new message from the IT Department regarding your account. Please sign in immediately to read this message."

"This is to inform you that a new course has been added to your study list and also view your timetable for the new coming session. Please Login below."

"Your online access has been temporarily disabled. Please re-activate your account immediately by clicking on the "Re-activate My Account" button below:"

For IT Professionals

Keep your customers aware of ongoing phishing threats and be available to assist them if they have questions concerning potential phishing emails.

University IT staff are encouraged to report phishing websites to Safe Browsing, Microsoft, and Phishtank in addition to sending notifications to phishing@uoregon.edu. Reporting phishing attempts to phishing@uoregon.edu. This allows Information Services staff to take steps to mitigate the phishing threats for users on the campus network. Submitting phishing websites to the resources identified below assists with protecting users when they are not on the campus network.

Report to Google Safe Browsing

Reporting phishing websites to Google's Safe Browsing improves Chrome, Firefox, and Safari built-in ability to protect faculty, staff, and students from active phishing threats.

http://www.google.com/safebrowsing/report_phish/

Report to Microsoft

Reporting phishing website to Microsoft improves Internet Explorer's built-in ability to protect faculty, staff, and students from active phishing threats.

https://www.microsoft.com/en-us/wdsi/support/report-unsafe-site

Report to PhishTank

PhishTank is a collaborative clearing house for data and information about phishing on the Internet.

https://www.phishtank.com/

0% helpful - 1 review

Details

Article ID: 34457
Created
Thu 7/27/17 9:57 AM
Modified
Wed 10/27/21 2:02 PM