What You Need to Know About That Phishy Email

SEMO IT has noticed an increase in the number of email-based phishing attacks in which several employees have been asked to hand over their user credentials under the guise of keeping their accounts active. IT is continuously looking for solutions to mitigate (block) these types of messages. However, you are our front-line defense. Please read the following information on identifying phishing emails.

 

What is a phishing attack? 

Phishing is a form of social engineering where an attacker uses human interaction to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, such as claiming to be a new employee, a member of the IT department, or a representative of a reputable company. Typically, phishing is accomplished via email, but it can also be done over the phone or even in person. While we are just covering the email form of phishing, there are a lot of similarities between all three methods.

 

What does a phishing email attack look like?

The typical phishing message will press you to take an action, such as “authorize payment” or “accept a shipment.” The message will often include some urgency to the action such as “late payment fee” or “loss of services”. Finally, the message will typically provide a link to a website or an attached document to help you fix the reported issue. In the event of payment requests, they typically request a picture from the back of a gift card as the form of payment. 

As you might expect, the website will ask you to log in and validate your identity. The webpage may look legitimate, similar to other login pages you use. But it’s not. It will collect your username and password and then use that information to steal additional information, access services, and send out additional phishing messages and spam.

If the message includes an attached document, the document may claim to be encrypted and request that you enable macros or follow a web link in order to read it. In both cases malicious software is usually downloaded to your PC automatically, potentially causing loss of data or a security breach in the SEMO network.

 

What can you do?

Scrutinize any email which sends you to a login page or an unexpected attachment. Check the link in your web browser. Does the link on the page look legitimate (ex: bit.ly vs semo.edu)? Check the sending user. Does the email appear to be coming from the same person (ex: From: department@semo.org when signature says it’s from your Department Head)?  

While some links can look very different and very long, they all follow a very specific format. Most of our SEMO login pages have a link that contains semo.edu/, office.com/, or microsoftonline.com/. Note: the / is important. It denotes the end of the domain name. A lot of information can follow the domain name in a link, but the domain determines the owner of the site.

Here are some example domains used at SEMO. 

  1. http://semo.edu/…
  2. https://semo.edu/…
  3. https://mail.edu/…

 

You wouldn’t want to log in using the following links because you don’t know who owns these pages.

  1. http://support.edu.ru/… – Notice the .ru after .org and before the /. (ru is Russia)
  2. http://it.SEMO.org/… – SEMO.org is not owned by SEMO.
  3. http://login.com/… – Notice that Microsoft is misspelled.
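
The domain check described above, written out in Python. This is an added example, not SEMO IT code: the function names are hypothetical, the trusted list is the three domains named in this article, and the sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

# The three domains this article names for SEMO login pages.
TRUSTED_DOMAINS = ("semo.edu", "office.com", "microsoftonline.com")


def link_host(url):
    """Return the lower-cased host of a link: everything before the first '/'."""
    try:
        # .hostname drops the scheme, the port and any "user@" prefix.
        host = urlsplit(url.strip()).hostname
    except ValueError:  # malformed link: treat as having no host
        host = None
    return (host or "").rstrip(".").lower()


def is_trusted_login_link(url):
    """True only if the host IS a trusted domain or ends with '.' + that domain."""
    host = link_host(url)
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


# Constructed sample links (paths are made up for illustration).
SAMPLES = [
    "https://semo.edu/",
    "https://login.microsoftonline.com/",
    "http://support.edu.ru/",             # ends in .ru, not a trusted domain
    "http://it.SEMO.org/",                # semo.org is not semo.edu
    "http://semo.edu.example.net/",       # trusted name is not at the end of the host
    "http://example.net/semo.edu/",       # trusted name appears only after the first '/'
]


def classify(urls):
    """Pair each link's host with the verdict for that link."""
    return [(link_host(u), is_trusted_login_link(u)) for u in urls]


if __name__ == "__main__":
    for host, ok in classify(SAMPLES):
        print(f"{'trusted    ' if ok else 'NOT trusted'}  {host}")
```

Only the first two sample links pass. The match is anchored to the end of the host name, so a trusted name that shows up earlier in the host or anywhere after the first / does not count.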

 

Think you may have been compromised? 

First, change your account’s password. Current password requirements and instructions for changing your password are on the IT Security page for passwords at http://www.semo.edu/it/security/password.html . Don’t forget to update the password on any mobile device with SEMO email on it as well.

Second, contact SEMO IT Helpdesk immediately to have them investigate your PC to ensure that it is free of malicious software. 

Remember, you can always contact SEMO IT Helpdesk at x4357 (651-4357 external) if you have any questions or concerns about the validity of an email or require assistance with resetting your password. 

 

Want to learn more about phishing or other methods of protecting yourself online? 

SEMO IT frequently updates guides for commonly encountered IT Security related subjects, including phishing.  You may find these guides by going to http://semo.edu/it/security/it_security_guides.html.   

Alternatively, the United States Department of Homeland Security maintains a more in-depth review of phishing at https://www.us-cert.gov/ncas/tips/ST04-014 

 

 

Author: Thomas Meyer

 

 
