Phishing Awareness

What is Phishing?

Phishing is a form of fraud in which a malicious attacker attempts to harvest sensitive information from a victim by impersonating a legitimate person, department or organization. Attackers will attempt to gain private data such as account credentials, bank account numbers, personally identifiable information (such as Social Security numbers), or any other information that could prove to be valuable to the attacker.

Phishing campaigns often have different goals, such as:

Gathering University account credentials in order to be able to harvest sensitive student data.
Gain control of a computer in order to access data stored locally and on the network.
Trick a victim into downloading a malicious email attachment to infect computers, often with Ransomware.
Receive enough personally identifiable information to be able to steal an identity.
Obtain payment card information.

Security Resources

(login required)

Recognizing Phishing Campaigns

You can typically identify phishing campaigns simply by analyzing the content of the email:

If an email came unprompted and is requesting sensitive data, it is likely a phishing scam. A legitimate organization will never ask for any personal information, including passwords, via email.
If an email is creating a sense of urgency or is trying to invoke fear for you to take action, such as changing your password now, it is likely a phishing scam.
If an email contains hyperlinks that do not match the web addresses for the organization that it came from, it is likely a phishing scam.

Using just a few best practices, you can be sure to not fall victim to a phishing campaign:

Always review the sender of an email. For example, if you received an email claiming to be the UNG Information Technology department, but the sender is from a Google Mail account, this would be phishing scam.
Always hover your mouse cursor over hyperlinks in email messages prior to clicking them. By hovering your mouse over a link, the real web address will be displayed which can be used to confirm if the link is legitimate or not. For example, if there is a hyperlink claiming to be an email logon for UNG, but upon hovering over it displays an unknown website address, this would be a phishing scam.
Prior to logging in on a website, confirm that the address in the address bar is correct, and ensure that the connection is secure. If you are attempting to log in to a UNG service, but the website address does not match UNG, this is not a legitimate service. To confirm that your connection is secure, look for a green lock near the address bar, and confirm that the website address begins with https:// and not http:// .
If a phishing email is received, contact the Information Security department using the methods listed below.

Reporting Phishing Attempts

If you suspect that an email you received is a phishing campaign, you may forward it to the Information Security department at spam@ung.edu for analysis and advice for any further action on your part. In order to ensure that the Information Security department receives the full details from the email message, please forward the email as an attachment by using the following procedures:

Outlook Desktop Client

Windows

Select the phishing email in Outlook.
On your keyboard, press CTRL+ALT+F . This will create a new email message with the phishing email automatically attached.
Add any pertinent details to the body of your new email message.
Send this email to spam@ung.edu .

Macintosh

Right click the phishing email in Outlook, navigate to “Forward Special” and select “As Attachment.”
Add any pertinent details to the body of your new email message.
Send this email to spam@ung.edu .

Outlook Web App (Office 365)

Compose a new email message and click the “Edit in a separate window” button in the top right corner.
On your primary browser window, click and drag the phishing email into the body of the newly composed email message. This will add the phishing email as an attachment to your new message.
Add any pertinent details to the body of your new email message.
Send this email to spam@ung.edu .

Apple Mail

Right click the phishing email in Apple Mail and select the “Forward as Attachment” option.
Add any pertinent details to the body of your new email message.
Send this email to spam@ung.edu .

Received Phishing Emails

Below are a number of real phishing emails that have been received by UNG. Please note that names, hyperlinks and email addresses have been redacted.

View Phishing Emails

From: Unknown .edu Email Account (Redacted)
Sent: Monday, August 24, 2015 4:17 AM
To: Name Redacted
Subject: Alert

There has been an automatic security update on your email. Click Here to complete update Please note that you have within 24 hours to complete this update because you might lose access to your Email Box.

Thanks
IT Helpdesk

From: ADP Address (Spoofed)
Sent: Friday, October 16, 2015 9:57 AM
To: 13 UNG Accounts (Redacted)
Subject: ADP Invoice
Attached: Infected PDF File

Your most recent ADP invoice is attached for your review.

If you have any questions regarding this invoice, please contact your ADP service team at the number provided on the invoice for assistance.

Please note that your bank account will be debited within one banking business day for the amount(s) shown on the invoice.

Thank you for choosing ADP for your business solutions.

Important: Please do not respond to this message. It comes from an unattended mailbox.

From: Help Desk (Spoofed)
Sent: Tuesday, October 6, 2015 6:31 AM
To: Name Redacted
Subject: Last Warning!!!Upgrade To Secure Your Account

Your mailbox is almost full and out dated.

Used: 1.93GB
Available: 2.01GB

This is to inform you that our webmail Admin Server is currently congested, and your Mailbox is out of date. We are currently deleting all inactive accounts so please confirm that your e-mail account is still active by updating your current and correct details by CLICKING HERE

Regards,

Thanks,

Admin Department

©2014-2015 Help Desk, All rights reserved.

From: System Admin (Spoofed)
Sent: Monday, October 26, 2015 10:50 AM
To: Name Redacted
Subject: 5 new Message

You have 5 new Message pending due to mailbox space

Click here to read

Sincerely

System Admin

From: Unknown .edu Email Account (Redacted)
Sent: Thursday, June 23, 2016 7:34 PM
To: Name Redacted
Subject: IT DESk

Access to your mailbox account is about to expire, we recommend that you upgrade to avoid account suspension.
Please CLICK HERE for quick upgrade.

From: IT Service Desk (Spoofed)
Sent: Thursday, August 3, 2017 10:24 AM
To: UNG Employee (Redacted)
Subject: !!! TREAT VERY URGENT !!!

Dear Email Account User,

Your e-mail account was LOGIN today by Unknown IP address, click on the Administrator link below to validate your e-mail account or your account will be temporary block for sending more messages

CLICK HERE

You may find this message in your Junk folder due to the unusual activities, kindly move to your inbox and click on the above link.

Privacy Policy | ©2017 Office of Information Technology. All rights reserved Management Team

From: ADP Payroll Team (Spoofed)
Sent: Saturday, June 3, 2017 10:16 AM
To: 200+ UNG Accounts (Redacted)
Subject: Important Notice for ADP Users

Dear Member,

You have one unread message.

1 Unread Message

Thank You,

ADP Payroll Team

From: Redacted
Sent: Monday, May 8, 2017 4:55 AM
To: UNG Employee (Redacted)
Subject: General Notice,

General Notice,

This is to inform you that there is a change and update in our mail server; all User are required to update their information to avoid termination or suspension of account.

To update you information CLICK HERE. OR copy this link pest it on your browser bar <URL REDACTED>

Kindly click above instruction to update your information, we will process your request once we receive your information.

Thanks

Admin.

Legal Disclaimer

From: ADP Portal (Spoofed)
Date: Wednesday, February 8, 2017 1:05 PM
To: 11 UNG Accounts (Redacted)
Subject: Important Changes To Your Pay Stub.

Attention!

Important changes have been made to the "Pay" section of your account.

To view these changes, login with your "user@domain" User ID and Password at: My ADP Portal

Need help or have questions about your account? Contact the HR/Payroll Department for assistance.

This email has been sent from an automated system. DO NOT REPLY TO THIS EMAIL.

Contact UNG IT

For IT assistance, email helpdesk@ung.edu or call 706-864-1922