Phishing Awareness

What is Phishing?

Phishing is a form of fraud in which a malicious attacker attempts to harvest sensitive information from a victim by impersonating a legitimate person, department or organization. Attackers will attempt to gain private data such as account credentials, bank account numbers, personally identifiable information (such as Social Security numbers), or any other information that could prove to be valuable to the attacker.

Phishing campaigns often have different goals, such as:

  • Gathering University account credentials in order to be able to harvest sensitive student data.
  • Gain control of a computer in order to access data stored locally and on the network.
  • Trick a victim into downloading a malicious email attachment to infect computers, often with Ransomware.
  • Receive enough personally identifiable information to be able to steal an identity.
  • Obtain payment card information.

Security Resources

(login required)

Recognizing Phishing Campaigns

You can typically identify phishing campaigns simply by analyzing the content of the email:

  • If an email came unprompted and is requesting sensitive data, it is likely a phishing scam. A legitimate organization will never ask for any personal information, including passwords, via email.
  • If an email is creating a sense of urgency or is trying to invoke fear for you to take action, such as changing your password now, it is likely a phishing scam.
  • If an email contains hyperlinks that do not match the web addresses for the organization that it came from, it is likely a phishing scam.

Using just a few best practices, you can be sure to not fall victim to a phishing campaign:

  • Always review the sender of an email. For example, if you received an email claiming to be the UNG Information Technology department, but the sender is from a Google Mail account, this would be phishing scam.
  • Always hover your mouse cursor over hyperlinks in email messages prior to clicking them. By hovering your mouse over a link, the real web address will be displayed which can be used to confirm if the link is legitimate or not. For example, if there is a hyperlink claiming to be an email logon for UNG, but upon hovering over it displays an unknown website address, this would be a phishing scam.
  • Prior to logging in on a website, confirm that the address in the address bar is correct, and ensure that the connection is secure. If you are attempting to log in to a UNG service, but the website address does not match UNG, this is not a legitimate service. To confirm that your connection is secure, look for a green lock near the address bar, and confirm that the website address begins with https:// and not http:// .
  • If a phishing email is received, contact the Information Security department using the methods listed below.

Reporting Phishing Attempts

If you suspect that an email you received is a phishing campaign, you may forward it to the Information Security department at spam@ung.edu for analysis and advice for any further action on your part. In order to ensure that the Information Security department receives the full details from the email message, please forward the email as an attachment by using the following procedures:

Windows

  1. Select the phishing email in Outlook.
  2. On your keyboard, press CTRL+ALT+F . This will create a new email message with the phishing email automatically attached.
  3. Add any pertinent details to the body of your new email message.
  4. Send this email to spam@ung.edu .

Macintosh

  1. Right click the phishing email in Outlook, navigate to “Forward Special” and select “As Attachment.”
  2. Add any pertinent details to the body of your new email message.
  3. Send this email to spam@ung.edu .

Outlook Web App (Office 365)

  1. Compose a new email message and click the “Edit in a separate window” button in the top right corner.
  2. On your primary browser window, click and drag the phishing email into the body of the newly composed email message. This will add the phishing email as an attachment to your new message.
  3. Add any pertinent details to the body of your new email message.
  4. Send this email to spam@ung.edu .

Apple Mail

  1. Right click the phishing email in Apple Mail and select the “Forward as Attachment” option.
  2. Add any pertinent details to the body of your new email message.
  3. Send this email to spam@ung.edu .

Received Phishing Emails

Below are a number of real phishing emails that have been received by UNG. Please note that names, hyperlinks and email addresses have been redacted.

Contact UNG IT

For IT assistance, email helpdesk@ung.edu or call 706-864-1922