E-mail Security (Phishing)
Phishing is a form of identity or account theft which uses e-mail, instant message and/or malicious web sites in order to obtain sensitive personal information about the victim.
Frequently these e-mails may appear to be from a business, financial institution or the university and they often request the victim to verify or update their account information. University of Oregon e-mail addresses frequently are the target of many Phishing scams.
Phishers are becoming increasingly sophisticated in their phishing attacks and, as a result, phishing e-mails are more polished in their execution and may appear similar to communication you would expect to see from authentic sources. Phishing attempts may include valid contact information and make use of logos to further purport authenticity.
- Awkward writing style, poor grammar, or misspelled words.
- "From" field is blank, is not a valid university e-mail address, or is otherwise not appropriate for the e-mail subject matter
- "To" field does not explicitly list your e-mail address or has multiple recipients listed
- Request is "urgent" asking you to take action
- Asks that you provide account credentials or that you to log into a website
- Requests personal or sensitive information (DuckID, account credentials, UO ID Number, Social Security Number, etc)
- Website addresses referenced in the message body do not seem appropriate for the e-mail subject matter
Be reasonably suspicious
Be reasonably suspicious about unexpected e-mails and contact your local IT support for additional assistance to verify the authenticity of any suspect e-mails. If you do not have local support, please contact the Information Services Technology Service Desk for assistance.
- Never respond with sensitive information
Never respond to any e-mail that asks for personal or financial information (DuckID, account credentials, UO ID number, Social Security number, financial account information, etc). Information Services will never send e-mail asking for account usernames or passwords. This type of information should never be sent to anyone.
- Do not trust 'urgent' e-mail demands for action.
Do not trust 'urgent' e-mail demands for action. It is a common social engineering technique to foster a false sense of urgency in order to provoke an immediate response. Often times attackers will target busy times of the year such as the start of the term or during break (winter break, spring break, or summer vacation) to increase the chance of recipients being successfully phished.
- Do not trust company phone numbers in suspect e-mail.
Do not trust company phone numbers or e-mail addresses in suspect e-mail. Information Services has seen phishing e-mails that utilize VOIP phone numbers with 503 and 541 area codes to encourage recipients to provide confidential information over the phone to phishers.
If you believe the e-mail that you have received to be a phishing attempt but are concerned that it may actually be real and not fraudulent, please directly contact the institution using phone number or e-mail information published on their official website or other established resource.
- Forward phishing attempts to email@example.com
Forward phishing attempts that you receive, with full e-mail headers, to firstname.lastname@example.org. Doing so allows Information Services staff to take steps to mitigate the threat.
Information on full e-mail headers can be found at the following link:
- Use a web browser that utilizes Safe Browsing Anti-phishing functionality or install an anti-phishing browser plugin.
Safe Browsing Enabled Web Browsers:
- Google Chrome
- Mozilla FireFox
- Apple Safari
- Do not click on suspicious links or open suspicious attachments
The website link in suspect e-mails may lead to a malicious website that will attempt to compromise your computer with a virus. Launching suspicious attachments such as PDF, Word document, and executables also has the potential of infecting your computer with a virus.
- Review suspicious e-mails on your computer
Review suspicious e-mails on your computer rather than on your mobile device. Mobile devices commonly do not have the same anti-phishing protection that is available on a desktop computer or laptop. Additionally some of the common indicators of phishing e-mails, that are visible on a computer, are not present or easily accessible within a mobile mail or mobile web client.
If you provided your account credentials in response to a phishing scam, please immediately change your account password for the affected account and any other account that uses the same, or a similar password.
If the scam involves UO credentials such as your 'DuckID', please e-mail email@example.com.
If you took other action in response to the phishing e-mail, such as opening an attachment, or downloading a file, please include this information in your e-mail to firstname.lastname@example.org.
Be sure to include the full headers of the phishing e-mail when reporting the incident. If you are not familiar with how to view the full headers of an e-mail, please consult the following site:
Information on e-mail full headers can be found here:
These are examples of phishing e-mails that UO faculty, staff and students have received.
"As phishing schemes become more sophisticated with phishers being able to convince up to 50% of recipients to respond, it has become increasingly important for The Division of Information Protection and Security at the Office of Information Technology to inform you that we are seeing an increase in e-mail accounts that have been compromised by phishes.
As a result you are advised to verify your account to confirm that it has *not* been compromised by phishes. To verify your account, please click and follow the verification link below or simply copy and paste it into your web browser"
"You have received a new message from the IT Department regarding your account. Please sign in immediately to read this message."
"This is to inform you that a new course has been added to your study list and also view your timetable for the new coming session. Please Login below."
|"University of Oregon have released a new version of uoregon.edu webmail Monday, Nov 18, 2013. This newest webmail version comes with new and advanced secured functions and anti-spam protection. You are advised to click and follow the link below to migrate today, and to enable advanced security features"|
"Your online access has been temporarily disabled. Please re-activate your account immediately by clicking on the "Re-activate My Account" button below:"
|"As a result you are advised to verify your account to confirm that it has not been compromised by phishers. To verify your account, please click and follow the verification link below or simply copy and paste it into your web browser; To ensure full protection of your account, please take a few minutes now - it could save you a lot of time and frustration later."|
Keep your customers aware of ongoing phishing threats and be available to assist them if they have questions concerning potential phishing e-mails.
- Forward phishing samples as EML
Forward phishing samples, that have poor phishing and spam scores, as an EML file, to email@example.com. The EML format simplifies the process for improving false negatives scores.
University IT staff are encouraged to report phishing websites to Safe Browsing, Microsoft, and Phishtank in addition to sending notifications to firstname.lastname@example.org. Reporting phishing attempts to email@example.com allows Information Services staff to take steps to mitigate the phishing threats for users on the campus network. Submitting phishing websites to the resources identified below assists with protecting users when they are not on the campus network.