What is it?
Phishing is the use of email and fraudulent web sites to trick people into disclosing personal financial or identity information, such as credit card or Social Security numbers, user names (e.g., NetIDs), passwords and addresses. Although most "phishes" come as email, phishing scams can also come in the form of text messages and phone calls. It's called "phishing" because the criminals are broadcasting phoney emails to large numbers of addresses, and they're hoping the recipients will "take the bait." The emails will either try to entice you with promises of great deals, or scare you into providing the information.
Phony emails are sent from addresses across the Internet and appear to be from reputable organizations, but are not. The emails are actually from criminals who are attempting to lure you to provide your personal information. Often both the emails and the web pages they direct you to look just like you would expect to see from that organization, since the logos and formats have been copied. The message uses social engineering tactics that might indicate there is a problem with your account, and urges you to respond immediately by clicking a web link to "verify" or "update" your account information.
It's important to note, that the company that is being spoofed has nothing to do with the scam. Their name is just being used to trick you into "taking the bait."
What are some examples of phishing?
If you receive email soliciting confidential information such as your password, Social Security Number, credit card number or other sensitive information, with instructions to send it via email, this is likely a scam. Email messages travel over the Internet in an insecure manner, and you should never send sensitive information in an email. The University of Louisiana at Lafayette will NEVER request this information from you via e-mail. You can view a sample phishing scam message here.
How to Recognize Scams
Scam tactics are increasingly sophisticated and change rapidly. Even if a request looks genuine, be skeptical and look for one or more of these warning flags:
- The message is unsolicited and asks you to update, confirm or reveal personal identity information (e.g., full SSN, account numbers, NetID, passwords, protected health information).
- The message creates a sense of urgency.
- The message may have an unusual "From" address or an unusual "Reply-To" address instead of a recognizable "@louisiana.edu" style address.
- The (malicious) web site URL doesn’t match the name of the institution that it allegedly represents.
- The web site doesn’t have an "s" after "http" (for example, https://) indicating it is not a secure site.
- The link in the pop-up doesn’t match the printed text.
- The message is not personalized. Valid messages from banks and other legitimate sources usually refer to you by name.
There are grammar or spelling errors.
How did they get my email address?
Schools, government agencies and some businesses and associations post staff, student and other email addresses on the Internet. Sometimes people use their email addresses when posting to web pages, blogs or online forums. Sometimes people click on the "unsubscribe" links in spam email, thus providing the phisher with a valuable acknowledgement that your email address is correct!
To see where the phishers may have obtained your email address, go to google.com, and in the search field, enter the following. Be sure to include the quotation marks and ampersand (&) to increase the accuracy of your search. Substitute your own information for the placeholders in the search strings.
"your_last_name" & "@the email domain name where you received the phishing email.
An example would be:
"doe" & "@nd.edu"
Any listings of your email address that appear are a potential source used by phishers and spammers to get your email address.
What's the big deal if I give them my username (ULID) and password?
In the case of banking the results are obvious: the scammer now has access to your money. However, in a university, what they gain access to is a bit different and could cause damage to both yourself and others. They could potentially gain further information about you and your friends/coworkers that they could use to steal more identities. They gain access to your email, allowing them to read and send messages on your behalf, including high quantities of spam. They will have access to ULL services that you are authorized to use, and could do things like change your insurance beneficiaries, emergency contact information, your course selections, etc. They could also lock you out of your account by changing your password.
Often, once a hacker has your ULID and password they will use YOUR email account to send huge volumes of spam. This could result in ULL email being blocked by some sites, preventing legitimate email from being delivered for multiple days. If the IT receives a report that your account has been compromised in this manner, we will block all access (including your own) to your account, and you may be required to contact the IT Service Desk to request your access to be restored.
What do I do if I receive an email that looks suspicious?
If the email appears to be from an organization with which you do not currently do business, discard it. If it appears to be from an organization such as your financial institution, contact that organization for instructions. It is important that you not use the phone numbers, or web, or email addresses included in the suspicious email, as they may not be legitimate, but could connect you with the criminals. Use officially published addresses and phone number from the institution where you do business.
If you receive unsolicited email (spam) and wish to report it, you can forward it to email@example.com with full headers displayed. Additional information can be found on the IT Service Desk’s spam information site.
Phishing emails can be forwarded to firstname.lastname@example.org.
What if I already provided my personal information?
If you provided debit or credit account information, contact your financial institution immediately. If you provided your username and or password, contact the institution or organization that the account is associated with and they can assist you in resecuring your account.
What is IT Services doing about these scams?
With each new email scam that we observe, the IT system administrators analyze the message and make configuration changes to attempt to block future messages, while being careful NOT to block legitimate email.
The first line in every email received from off-campus has this message (see picture below) to let you know the email is from off campus. While it may be from a legitamate source conducting legitamate business, it could be your first indication of a possible phishing attempt.
The addition of Multi-Factor Authentication (MFA) adds a greater degree of protection to your account. IT Services will be rolling out MFA on all Microsoft accounts this year (2022) in conjunction with policies set forth by Microsoft. See more about MFA at UL Lafayette HERE.
Unfortunately, it is impossible to predict exactly what the next scam will look like or where it will come from, so we are unable to stop some of these messages from getting through to your mailbox. When they do, use the delete key.
What should I do if my account has been compromised?
If you have followed the link on a suspicious email or have noticed unusual activity relating to your account, you may have been compromised. If this is the case, you should take the following steps in order to protect yourself:
- Reset your password. You can reset your password at the password help page – You may want to do this from a computer you know is secure, so that if your machine itself is infected, your password will not become compromised.
- Run a virus and malware scan – Even if you believe that only your email was compromised it never hurts to run a virus and malware scan to ensure that your machine is clear of infections.
- If you believe that your machine was compromised or if your virus and/or malware scans turned up an infection, you should have it looked by an IT specialist. If it is campus owned, either contact your local IT representative or contact the IT Service Desk so that one can be dispatched to you. If it is a personal machine, it can go to a local service center in your area.
Once you have completed these steps, please contact the IT Service Desk for assistance in checking your account for any malicious modifications.
*Information taken in part or whole from University of Notre Dame's OIT.