Phish Image

Phish Tank

What is phishing?

Phishing is a type of Social Engineering attack in which a bad actor poses as a trusted or reputable source and sends fraudulent emails with the intent of manipulating victims into:

  • Revealing personal, protected, or confidential information
  • Executing malicious software, usually by clicking a link or opening an attachment, that allows them to steal data or take control of the system

Most phishing emails targeting OU generally fall into two categories:

  • Phishing: Messages that are sent in bulk to our user community containing general information. For example these phishing messages typically have limited, if any, personal information and usually include a generic message such as “Your mailbox is full” or “Your account expires, please reactivate using this link”. Additionally, the message appear from a generic party such as “Your support team”
  • Spear Phishing: Messages that are specific in nature and target individuals or a departments by personal information such as first and last name, job title, etc. Furthermore, these messages appear to come from someone you know such as a coworker, supervisor, or business partner and are informal "I'm in a meeting and need help, do you have 5 minutes to spare"

Is spam the same as phishing?

Although similar spam and phishing are different types of email. Spam is unsolicited promotional email sent in bulk and can be equated to "junk mail" received via the USPS and beyond clogging up your mailbox is typically harmless. As described above phishing is more nefarious and is intended to gain sometime from the recipient such as gift cards, credentials, or information that can be used for identity theft.

How can I spot phishing?

Phishing emails often contain one or more of the following indicators

  • Poor grammar and/or spelling
  • Too good to be true. For example "You've been selected to receive a new iPhone for free"
  • A sense of urgency and deadline for action. For example: "Click Here in the next 24 hours to reactivate your account or your email will be deleted"
  • Request for non-standard follow-up method of communication. For example you typically communicate with the person via email, but they are now asking you text them at a new number
  • Unusual financial requests such as paying an invoice using a non-standard process, purchasing gift cards, or asking you to purchase something with personal funds and get reimbursed
  • Unusual Sender address. For example [email protected] Note: The address ends in @gmail.com instead of oakland.edu

  • Unexpected invitations to collaborate with new entities (e.g. other schools, charities, businesses, etc.)

UTS maintains a repository of phishing emails that have targeted the University, reviewing the Fresh Phish is a great first step to determine if an email is phishing.

Another great resouce for protecting yourself from phishing is the UTS Security Awareness Training program. This training is available to all faculty and staff and can be completed in as little as 2 minute increments.

How can I protect myself from phishing?

Below are some methods to protect against phishing emails.

  • Only access email only using Webmail

  • Do not click links contained in a email, instead open a browser window and navigate to the site by typing the address into your browser
  • On mobile devices hold your finger down on the link and true destination address will appear
  • Ensure you have up to date malware and antivirus software installed and verify its configured to scan email attachments
  • Enable browser security settings to block fraudulent websites
  • Verify the message using a trusted contact method. For example call the person directly or follow-up with a company using the contact information on their website
  • DO NOT engage with the malicious attacker. While it may be tempting to respond to a phishing email saying "I have reported this message" this type of contact just encourages more malicious activity.

How can I report a phishing email ?

If you suspect a message is phishing the most effective action is to report directly to Google, who is the University's email provider. Google has automated processes to identify the sender and block future mail from being delivered. You may report phishing by completing the follow steps:

  1. Open Webmail (webmail.oakland.edu) in a browser
  2. Open the phishing message
  3. Next to Reply Reply , click More More

  4. Click Report phishing.

Google provides more detailed information at their "Avoid and report phishing emails" wesbite.

You can also help protect the University by submitting new or novel emails to the UTS Security Team for review and inclusion in our phishing examples library. by completing the following steps:

  1. Open Webmail (webmail.oakland.edu) in a browser
  2. Open the phishing message
  3. Forward the email to [email protected] with a Subject Line of: "Phishing Example"

  4. Next to Reply Reply , click More More

  5. Click Show Original
  6. Select Copy to clipboard
  7. Create a new email and paste this information into it.
  8. Send the new email to [email protected] with a Subject Line of: "Phishing Example - Show Original"

If you interacted with a phishing email by clicking a link please follow the steps below. If you had additional interactions such as emailing or calling the malicious actor, providing NetID credentials, or installing software immediately contact the Security Team by emailing [email protected]

  • Reset your GrizzlyID PIN, NetID, and ADMNET passwords by using the NetID Utility.

  • Reset your Banner password by using the Banner Unlock Reset Utility

  • Complete the Gmail Security Checklist

  • Ensure that no additional devices have been added to your Duo Account using the Managed Devices option
  • Review your OU account(s) for signs of alteration or suspicious activity. For example the types of items we encourage you to verify are:
    • Webmail settings such as address book, reply to address, signature, filters, etc
    • G Suite settings including calendar sharing and nickname per Google's directions

    • Registration Status and Course enrollment (if applicable) using MySail

    • Personal and Direct Deposit information (as applicable) using Sail

  • If the event occurred on a University owned devices submit a ticket to the OU General Helpdesk by emailing [email protected] and request a malware scan

  • If an abnormality are discovered while completing the above steps submit a ticket to the Security Team by emailing [email protected]