Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 29 Next »

A phishing attack happens when someone tries to trick you into sharing personal information online.

Table of Contents

What phishing is

Phishing is usually done through email, ads, or by sites that look similar to sites you already use. For example, someone who is phishing might send you an email that looks like it's from your bank so that you'll give them information about your bank account. The Sage Service Desk has encountered an increase in emails asking users to purchase gift cards. These emails appear to be from a member of the college, when in fact they are not.

Phishing emails or sites might ask for:

  • Usernames and passwords, including password changes
  • Social Security numbers
  • Bank account numbers
  • PINs (Personal Identification Numbers)
  • Credit card numbers
  • Your mother’s maiden name
  • Your birthday
  • Gift cards (Google Play Store, iTunes, Amazon, etc.)


The Sage Colleges Service Desk and Google will never ask you to provide this type of information in an email.

If you've disclosed personal information to an attacker (phisher)

Warning!

If you have disclosed personal information (i.e. bank account number, SSN, credit card numbers, etc.) be sure to contact the institutions who own that information and let them know that you were a victim of a phishing attack.

If you've fallen victim to a phishing attack please perform the following as soon as possible:

  1. Change your password immediately by following this guide.
  2. Enable 2-Step Verification for your Sage Google Account. The How-To article for this can be found here.
  3. Follow the steps below from the If you've received a phishing/suspicious email section of this article.

If you've received a phishing/suspicious email

If you've received an email you suspect to be a phishing attempt please perform the following steps.

Warning!

Do not click on any links or respond in any capacity to the email until the Service Desk has verified if the email is legitimate.

Create a new service request

Open a service request with the Service Desk using this link: Report Phishing/Suspicious Email

Gather detailed email information

In a new tab

  1. Open Gmail.
  2. Open the email you suspect is a phishing attempt.
  3. Next to Reply Reply, click More More and then Show original.

A new window will open and display important information regarding the suspicious email, including fields like authentication results. To provide email header information follow the directions above, and in the new window click the blue button labeled "Copy to clipboard." Then paste this information in the description box when submitting your service request. You will need to provide this information when submitting a Service Request to the Service Desk.

Report a phishing email to Google

When Gmail identifies that an email may be phishing or suspicious, it might show a warning or move the email to Spam. If an email wasn't marked correctly, follow the steps below to mark or unmark it as phishing.

When you manually move an email into your Spam folder, Google will receive a copy of the email and may analyze it to help protect users from spam and abuse.


To mark an email as phishing:

  1. On a computer, go to Gmail
  2. Open the message.
  3. Next to Reply Reply, click More More.
    Note: If you're using classic Gmail, click the Down arrow Down Arrow.
  4. Click Report phishing.

To unmark an email as phishing:

  1. On a computer, go to Gmail
  2. Open the message.
  3. Next to Reply Reply, click More More.
    Note: If you're using classic Gmail,click the Down arrow Down Arrow.
  4. Click Report not phishing.

Avoid phishing attacks

Be careful anytime you get an email from a site asking for personal information. If you get this type of email:

  1. Don’t click any links or provide personal information until you've confirmed the email is real. If you are unsure if the email is real open a service request with the Service Desk using this link: Report Phishing/Suspicious Email
  2. If the sender has a Gmail address, report the Gmail abuse to Google.

Note: The Sage Service Desk or Gmail will never ask you for personal information, like your password, over email.

When you get an email that looks suspicious, here are a few things to check for:

  • Check that the email address and the sender name match.
  • Check if the email is authenticated.
  • Hover over any links before you click on them. If the URL of the link doesn't match the description of the link, it might be leading you to a phishing site.
  • Check the message headers to make sure the "from" header isn't showing an incorrect name.


Example of a phishing email

In the example below Alex is the target of a phishing scam by an attacker who is pretending to be Ryeley. The attacker is very convincing; they've used Ryeley's real email signature and changed the sender name to Ryeley's full name. The attackers emails are in red, and the targets emails are in blue.

From: Ryeley Kuykendall <networkadmin@my.com>

Date: Wed, Mar 20, 2019 at 6:13 PM

Subject: Re[3]: Re[2]: Urgent Request

To: Alex Markessinis <alex.markessinis@sage.edu>

On Wed, Mar 20, 2019 at 5:59 PM Ryeley Kuykendall <networkadmin@my.com> wrote:


Available?


Ryeley Kuykendall,

Network Administrator

Cowee Hall, Troy Campus

The Sage Colleges

--------------------------------------------

On Wed, Mar 20, 2019 at 6:02 PM Ryeley Kuykendall <networkadmin@my.com> wrote:

I'm in a meeting right now, I need you to help me complete a task right away from any nearest store around.


Thanks


Ryeley Kuykendall,

Network Administrator

Cowee Hall, Troy Campus

The Sage Colleges

--------------------------------------------

On Wed, Mar 20, 2019 at 6:13 PM Ryeley Kuykendall <networkadmin@my.com> wrote:

Are you receiving my emails?


Thanks


Ryeley Kuykendall,

Network Administrator

Cowee Hall, Troy Campus

The Sage Colleges

--------------------------------------------

Wednesday, 20 March 2019, 11:00 PM +0100 from Alex Markessinis <alex.markessinis@sage.edu>:

Sure? What is up?

--------------------------------------------

Wednesday, 20 March 2019, 11:03 PM +0100 from Alex Markessinis <alex.markessinis@sage.edu>:

Okay.

What do you need?

--------------------------------------------

Wednesday, 20 March 2019, 11:06 PM +0100 from networkadmin@my.com <networkadmin@my.com>:

Here is what you need to do for me real quick. I need google play gift

cards, can you get some at the store right now? Let me know to advise

denomination to purchase. I will reimburse you all expense as soon as I'm

done.


Thanks


Ryeley Kuykendall,

Network Administrator

Cowee Hall, Troy Campus

The Sage Colleges

We always advocate checking the email address being used to send the email rather than just looking at the senders name. This will help you verify whether the email is legitimate or not. In the example above you can see the email being used by the attacker is networkadmin@my.com. This is not a valid Sage email address as it does not end with @sage.edu, however, the name used is the name of a Sage employee.

Related articles


  • No labels