
Phish Tank

*** ACTIVE PHISH ALERT ***

University Technology Services (UTS) has received reports of a malicious actor sending text messages to faculty and staff claiming to be President Pescovitz. The campus community should report as spam/block the number (if offered by your provider), or disregard these messages.

Beware of emails offering remote Research Assistant positions or remote internships. Currently, many schools across the US are being targeted with these phishing emails. They typically ask you to respond to a Gmail account or phone number instead of a school account. Once victims respond to the email, the attacker asks for the victim's banking information so they can transfer initial funds for equipment costs.

Also, beware of emails with the subject line "Undelivered message error". These messages come from outside the university. The attacker is attempting to get victims to click the link inside the email.

What is phishing?

Phishing is a type of Social Engineering attack in which a bad actor poses as a trusted or reputable source and sends fraudulent emails with the intent of manipulating victims into:

  • Revealing personal, protected, or confidential information
  • Executing malicious software, usually by clicking a link or opening an attachment, that allows them to steal data or take control of the system

Most phishing emails targeting OU generally fall into two categories:

  • Phishing: Messages that are sent in bulk to our user community containing general information. These messages typically have limited, if any, personal information and usually include a generic message such as “Your mailbox is full” or “Your account expires, please reactivate using this link”. Additionally, the message appears to come from a generic party such as “Your support team”
  • Spear Phishing: Messages that are specific in nature and target individuals or departments using personal information such as first and last name, job title, etc. Furthermore, these messages appear to come from someone you know, such as a coworker, supervisor, or business partner, and are informal, for example "I'm in a meeting and need help, do you have 5 minutes to spare"

Is spam the same as phishing?

Although similar, spam and phishing are different types of email. Spam is unsolicited promotional email sent in bulk and can be equated to "junk mail" received via the USPS; beyond clogging up your mailbox, it is typically harmless. As described above, phishing is more nefarious and is intended to gain something from the recipient, such as gift cards, credentials, or information that can be used for identity theft.

How can I spot phishing?

UTS maintains a repository of phishing emails that have targeted the University. Reviewing the Fresh Phish is a great first step to determine if an email is phishing.

Most Common Phishing Messages

  • Remote Work/Internship Positions
  • Check Cashing
  • Benefits Package

Check out Fresh Phish for more examples

Top Indicators

Phishing emails often contain one or more of the following indicators:

  • Poor grammar and/or spelling
  • Too good to be true. For example "You've been selected to receive a new iPhone for free" or "$350/week for 7 hours"
  • A sense of urgency and deadline for action. For example: "Click Here in the next 24 hours to reactivate your account or your email will be deleted"
  • Request for a non-standard follow-up method of communication. For example, you typically communicate with the person via email, but they are now asking you to text them at a new number
  • Unusual financial requests such as paying an invoice using a non-standard process, purchasing gift cards, or asking you to purchase something with personal funds and get reimbursed
  • Unusual sender address. For example, [email protected]. Note: The address ends in @gmail.com instead of oakland.edu

  • Unexpected invitations to collaborate with new entities (e.g. other schools, charities, businesses, etc.)

Another great resource for protecting yourself from phishing is the UTS Security Awareness Training program. This training is available to all faculty and staff and can be completed in as little as 2-minute increments.

How can I protect myself from phishing?

Below are some methods to protect against phishing emails.

  • Access email only using Webmail

  • Do not click links contained in an email; instead, open a browser window and navigate to the site by typing the address into your browser
  • On mobile devices, hold your finger down on the link and the true destination address will appear
  • Ensure you have up-to-date malware and antivirus software installed and verify it's configured to scan email attachments
  • Enable browser security settings to block fraudulent websites
  • Verify the message using a trusted contact method. For example, call the person directly or follow up with a company using the contact information on their website
  • DO NOT engage with the malicious attacker. While it may be tempting to respond to a phishing email saying "I have reported this message", this type of contact just encourages more malicious activity.

How can I report a phishing email?

If you suspect a message is phishing, the most effective action is to report it directly to Google, who is the University's email provider. Google has automated processes to identify the sender and block future mail from being delivered. You may report phishing by completing the following steps:

  1. Open Webmail (webmail.oakland.edu) in a browser
  2. Open the phishing message
  3. Next to Reply, click More

  4. Click Report phishing.

Google provides more detailed information at their "Avoid and report phishing emails" website.

You can also help protect the University by submitting new or novel emails to the UTS Security Team for review and inclusion in our phishing examples library by completing the following steps:

  1. Open Webmail (webmail.oakland.edu) in a browser
  2. Open the phishing message
  3. Forward the email to [email protected] with a Subject Line of: "Phishing Example"

  4. Next to Reply, click More

  5. Click Show Original
  6. Select Copy to clipboard
  7. Create a new email and paste this information into it.
  8. Send the new email to [email protected] with a Subject Line of: "Phishing Example - Show Original"

If you interacted with a phishing email by clicking a link, please follow the steps below. If you had additional interactions, such as emailing or calling the malicious actor, providing NetID credentials, or installing software, immediately contact the Security Team by emailing [email protected]

  • Reset your GrizzlyID PIN, NetID, and ADMNET passwords by using the NetID Utility.

  • Reset your Banner password by using the Banner Unlock Reset Utility

  • Complete the Gmail Security Checklist

  • Ensure that no additional devices have been added to your Duo Account using the Managed Devices option
  • Review your OU account(s) for signs of alteration or suspicious activity. For example, we encourage you to verify the following items:
    • Webmail settings such as address book, reply to address, signature, filters, etc
    • G Suite settings including calendar sharing and nickname per Google's directions

    • Registration Status and Course enrollment (if applicable) using MySail

    • Personal and Direct Deposit information (as applicable) using Sail

  • If the event occurred on a University-owned device, submit a ticket to the OU General Helpdesk by emailing [email protected] and request a malware scan

  • If an abnormality is discovered while completing the above steps, submit a ticket to the Security Team by emailing [email protected]

What should I do if I was a victim of a check cashing phishing campaign?

If you were a victim of a check cashing phishing email, please see the instructions below.

If the check is deposited, contact OUPD or the nearest police department to report the incident. Follow the directions given by the police department. Notify your bank regarding the incident.

If the check is not cashed:

  • Block the person communicating through the phishing email.
  • Reset your OU NetID and password. Choose a strong password during the reset.
  • Delete any downloaded attachments or files that might have come with the phishing emails.
  • Run a full system anti-virus/malware scan on the device which received the phishing emails.
  • Watch closely for any follow-up suspicious or potentially phishing emails.