Phishing

Phishing is an attempt to fraudulently acquire personal information or resources by masquerading as a trustworthy entity. It relies on social engineering to manipulate you, and it is not limited to your digital devices: the same tricks arrive by phone, by text message, and in person.

Digital Phishing

Phishing Emails

Email is the most common way attackers try to steal information. One reason is that almost everyone has an email address, so the number of people who can be reached is very high and sending is nearly free. If only a small fraction of the people sent a phishing email fall for it, the payoff is still large.

Clicking is an action that can have consequences. Exercise the same care and responsibility you would when driving a car.

Following a link and opening an attachment are the most frequently used ways to infect a computer. One click is all it takes to infect a computer with malware.

Once a computer is infected, your data and personal information are at risk.

Phishing emails are designed to look authentic and some are quite clever.

Identifying Phishing Starts in the Inbox

Visual literacy: the places a sighted user should look are shown in the screenshots and are also referenced in bold in the text, so the same information is available without the images.

Critically examine all emails. This process should begin before you open an email.

Sender Information

Hover your mouse over the name of the Sender. A window will open and show you the sender's display name and email address. Compare the two: the display name is free text chosen by whoever sent the message, so a familiar name over an unfamiliar address is itself a warning sign.

(Screenshot: the sender window, showing the sender's display name and email address.)

In this case the sender name is Email Team. The email address is obiechec@uni.coventry.ac.uk. Both of these should be red flags.

Names of people or departments you are not familiar with are initial warning signs that there may be a problem.

An unfamiliar email address under a foreign domain suffix can be a red flag. The .ac.uk suffix is the academic domain for the United Kingdom; in the USA, institutions such as NSU use .edu. A foreign address is not proof of phishing by itself, but an address you do not recognize, from a country you have no dealings with, deserves a closer look.

Look for clues as to the authenticity of the address. Hackers will try to fool you with clever substitutions that look similar to, but are not the same as, a company's official email address. Example: ArnericanBank.com, spelled with the letters r and n in place of the m in AmericanBank.com. The two are hard to tell apart in many fonts, which is exactly the point.

Fraudsters often sign up for free email accounts with company names. These email addresses are meant to fool you.

Subject Information

Read the Subject and see what clues you get from the information it contains.

In this case the subject says Account unusual sign-in activity.

Right away, a message from an "email team" about account sign-in activity is a red flag: account credentials are exactly what hackers are looking for.

The way the subject is written is also concerning. A legitimate notice would normally read "Account: unusual sign-in activity" (with a comma, dash, or colon after Account) or "Unusual account sign-in activity".

Message Information

Ask yourself whether you know the sender or know about the subject. Do they know you, or do they use a generic greeting?

Fraudsters often send thousands of phishing emails at one time. They may have your email address, but they seldom have your name. Be skeptical of an email sent with a generic greeting such as "Dear Customer", "Dear Member", or "Dear Account User".

Emails sent from the NSU IT Service Desk will always come from its@nsuok.edu or help@nsuok.edu. A Service Desk message from any other address is a red flag. Because a From address can also be forged, treat a matching address as one clue among several, not as proof on its own.

The NSU IT Service Desk will address you formally using Mr. or Ms. with your last name. In some cases, when mailing all faculty, staff, or students, the NSU IT Service Desk may simply say Hello to begin an email.

Attachments

If there are attachments, you will see a paperclip icon to the right of the title/subject.

Attachments can be dangerous because they may contain malware. This icon combined with other warning signs is a strong red flag.

Ask Yourself...Should I open this email?

If every element discussed above sends up red flags you can delete or move the message to spam. 

If you are not sure, you may open and read the email. DO NOT CLICK on anything in the email.

Continue down this page to learn what to look for in the body of the email.

The better you get at recognizing red flags the safer you, your data, and NSU will be.


Dealing with Phishing

Contact the NSU IT Service Desk at 918-444-5678 or by emailing help@nsuok.edu, to validate the phishing email for you.

Mark the phishing email as spam and delete it from your GreenMail account immediately.

DO NOT click on hyperlinks or download attachments within a phishing email.

If you do enter your information after clicking on a hyperlink within a phishing email, reset your NSU password immediately through the Password Manager and report what happened to the NSU IT Service Desk.

Resources

Video Resource: Phishing 101

Redirect Detective

URLs (web addresses) are sometimes routed through one or more redirects before reaching their real destination. This tool shows you where a URL really goes without your having to visit it.

Human Factors

Urgent action required: Fraudsters often include urgent "calls to action" to try to get you to react immediately.

Be wary of emails containing phrases like "your account will be closed," "your account has been compromised," or "urgent action required."

The fraudster is taking advantage of your concern to trick you into providing confidential information.


Rule of Thumb

If it seems too good to be true... it probably is.

If it's free, you are the product.

If you don't know someone, do not give them sensitive information.

Opening Email

At this point it is generally safe to open an email and read it. It is not safe to click on anything in it, open an attachment, or enable remote content or images that the email asks to load.

What to Look for in an Email

Accounts You Don't Have & Companies You Don't Know

If the sender is talking about an account you have never heard of with a company you have no relationship with, this is classic phishing.

Legitimate companies will never ask you to verify or provide confidential information in an unsolicited email.

Links that are not quite right: links that contain an official company name, but in the wrong part of the address (for example as a subdomain of some other site, or in the path after the host name). Hover over a link to see where it actually goes before deciding anything.

The sender asking you to give away sensitive information such as your username/password.

When you type this information into a form reached from a phishing email, it is sent to a site the attacker controls, not to the company named in the message.

Spelling errors, poor grammar, or inferior graphics.

Requests for personal information such as your password, username or userID, email address, or full name.
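The sender-address check described under Sender Information (the ArnericanBank.com substitution) and the link check described in the list above, written out as an added example. This is not code from the original page or from NSU; the trusted-domain list, the confusable-character table, and the sample headers and URLs are constructed for the illustration, and the verdict names are this example's own.

```python
"""Added example: check a From header and a link target against a list of trusted domains.

Not part of the original page. The trusted-domain list, the confusable-character
table and the sample inputs below are constructed for this illustration.
"""
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed list of domains we would accept as genuine (assumption for the example).
TRUSTED_DOMAINS = ("nsuok.edu", "americanbank.com")

# Character sequences commonly swapped in to build lookalike names, e.g. "rn" for "m"
# (assumed, not exhaustive; real tools use much larger confusable tables).
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l"), ("3", "e"))


def normalize(host: str) -> str:
    """Lower-case a host name and collapse confusable sequences to the letter they imitate."""
    host = host.lower()
    for fake, real in CONFUSABLES:
        host = host.replace(fake, real)
    return host


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: catches one-character tricks such as a dropped or doubled letter."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_host(host: str) -> str:
    """Return 'trusted', 'misplaced-brand', 'lookalike' or 'unknown' for a host name."""
    host = host.lower().rstrip(".")
    for trusted in TRUSTED_DOMAINS:
        # The trusted domain itself or a genuine subdomain of it, e.g. mail.nsuok.edu.
        if host == trusted or host.endswith("." + trusted):
            return "trusted"
    for trusted in TRUSTED_DOMAINS:
        # The brand name is present but sits under somebody else's registered domain,
        # e.g. americanbank.com.login-verify.net: the name is in the wrong location.
        if trusted in host:
            return "misplaced-brand"
        # Confusable substitutions or a single-character edit, e.g. arnericanbank.com.
        if normalize(host) == trusted or edit_distance(normalize(host), trusted) <= 1:
            return "lookalike"
    return "unknown"


def classify_sender(from_header: str) -> dict:
    """Split a From header into display name and address, then judge the address domain.

    The display name is free text chosen by the sender, so only the address is checked.
    """
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2]
    verdict = classify_host(domain) if domain else "unknown"
    return {"name": name, "address": addr, "domain": domain, "verdict": verdict}


def classify_link(url: str) -> dict:
    """Judge the host a link really points at, ignoring whatever text the link displayed."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    host = parsed.hostname or ""
    verdict = classify_host(host)
    # A trusted name buried in the path or query, e.g. http://evil.example/americanbank.com/,
    # is also the brand in the wrong location.
    rest = (parsed.path + "?" + parsed.query).lower()
    if verdict == "unknown" and any(t in rest for t in TRUSTED_DOMAINS):
        verdict = "misplaced-brand"
    return {"host": host, "verdict": verdict}


if __name__ == "__main__":
    # Constructed samples: the page's own sender plus a few link shapes to compare.
    for header in ('"Email Team" <obiechec@uni.coventry.ac.uk>',
                   "NSU IT Service Desk <help@nsuok.edu>",
                   "Security Alert <alerts@ArnericanBank.com>"):
        print(f"sender {header!r}: {classify_sender(header)['verdict']}")
    for url in ("https://www.nsuok.edu/password-manager",
                "http://americanbank.com.login-verify.net/signin",
                "http://evil.example/americanbank.com/login",
                "https://americanbank.co/"):
        print(f"link {url}: {classify_link(url)['verdict']}")
```

Run it as a script to see the verdict for each constructed sample. The check is only a filter for the obvious tricks: a 'trusted' verdict on a sender address is not proof the message is genuine, because the From header itself can be forged, and an 'unknown' verdict (as for the uni.coventry.ac.uk address on this page) simply means the address is unfamiliar and should be looked at more closely.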

Spear Phishing

Spear phishing targets specific individuals, or the members of a specific organization, with messages tailored to them rather than a generic message sent to everyone.

Hackers use social engineering techniques to trick members of an organization into giving out information or clicking on infected downloads, then use what they steal for profit.

There are many types of phishing attacks. To learn more, see the PCWorld article Types of Phishing Attacks:

http://www.pcworld.com/article/135293/article.html


W-2 Attack

Spear Phishing Examples

Posted by Jordan Kadlec on Mar 16, 2017

https://blog.watchpointdata.com/spear-phishing-examples

Between late 2015 and early 2016, more than 55 companies fell victim to a highly-tailored spear phishing campaign. This campaign was responsible for stealing and compromising the W-2 U.S. tax records of every employee working for these companies in 2015.

Why would the hackers want the information from W-2s? These documents have a wide range of sensitive information that can be used for various forms of identity theft. Remember, your W-2 has your Social Security number and address on it. There are also two other things that hackers could do with your W-2s. The more likely of the two is that the hackers would sell this data on dark-web forums, allowing other cybercriminals to do as they please with this information. The less likely option is that the hackers could attempt to file your taxes before you and collect your tax refund.

This is a small excerpt from the posted article. You may read the whole article on the WatchPoint Comprehensive Cyber Security website.