Phishing and Fraud

Overview

Phishing attempts are e-mails that try to get you to hand over your username and password. They often imitate legitimate websites, but the links they contain lead to other sites. You can find more information about phishing and how to report it in the Phishing section further down this page.

Avoiding e-mail fraud

Due to the widespread use of web bugs in email, simply opening an email can potentially alert the sender that the address to which the email is sent is a valid address. This can also happen when the mail is 'reported' as spam, in some cases: if the email is forwarded for inspection, and opened, the sender will be notified in the same way as if the addressee opened it.

E-mail fraud may be avoided by:

Many frauds go unreported to authorities, due to shame, guilty feelings or embarrassment, but if you ever fall victim to an e-mail fraud that involves theft, either monetary or of your identity, contact the authorities immediately. You could help save many people from the same problem.


Phone Fraud

Fraud can take place over the phone as well. Some reports come from people who ask about printer information and claim to be from supply services. One tip for recognizing phone fraud: these calls often come from blocked numbers.

Blocking E-mail Spam

Network Engineering uses several tools to help keep spam from reaching your mailbox. Read on for more information about what we are doing to prevent spam, what you can do, and how to keep your address off of spammers' lists.

What is Spam?

Spam is defined as unsolicited, bulk e-mail.  Typically spam comes from strangers - people who have obtained your e-mail address without your permission.  If you signed up for the mailing (intentionally or accidentally), it may be undesirable e-mail, but it is not technically spam.  Likewise, if you have some sort of business relationship with the sender, it is not spam.  So, an e-mail sent to you from your bank, an online service you signed up for, or your department at OSU would not be considered spam. 

Note: Using OSU's e-mail system to send unauthorized bulk mailings is against the Acceptable Use Policy.  For information about how to do a bulk mailing at OSU correctly, please see the Guidelines for Release of E-mail Addresses.

Blocking Spam

Step 1 - Using Filtering On Your Account

Step 2 - Reporting Spam

If Step 1 doesn't stop the spam from coming through, you can report the spam to OSU Network Engineering:

Phish Detection

For more information about phishing, please see the Phishing helpdoc page.

OSU blocks e-mail messages that contain a reply-to address that goes to a known phisher.  If practical, we will also "poison DNS" for links included in phishing e-mails, so that clicking the link will redirect you to a safe page instead. 

If you respond in any way to a phishing e-mail that asks for your username and password, we will disable your account and ask you to reset your password.  OSU has had a significant number of accounts become hacked in the past and these hacked accounts have been used to send hundreds of thousands of spam e-mails to OSU and to the world, causing serious e-mail disruption.

NEVER respond to phishing e-mails!

Where does spam come from?

In the past, most spam came from misconfigured mail servers or proxy servers. But today most spam comes from virus-infected personal computers, hacked e-mail accounts and free e-mail providers.  See the Wikipedia article on Spam for more information about how spammers operate.

One very important thing that you can do in the fight against spam is to keep your computer up-to-date on software patches and anti-virus software. It's also a good idea to run a personal firewall. Use caution when opening e-mails from addresses you don't recognize, and always scan email attachments for viruses. If your computer has become noticeably slower, it's a good idea to run virus-detection software.

Finally: NEVER share your password!

Content Based Filtering Inbox Rules

Inbox Rules can be used to reduce the amount of spam delivered to Exchange e-mail addresses.

  1. Log into exmail.oregonstate.edu
  2. Click on See All Options... from the drop-down Options menu
  3. Click on Organize E-Mails on the left
  4. Click on New Rule in the Inbox Rules tab
  5. Click on More Options
  6. Set the following:
  7. In the 'Specify Words or Phrases' window enter 'X-Spam-Flag: YES', then click on the plus icon and click OK to add the phrase
  8. Select what to do with matching e-mails: select Junk E-mail from the Select folder window
  9. Name the rule and click on Save

Email Filtering

ONID Webmail (Legacy Server)

These instructions do not apply if you receive your ONID email via Google Apps for OSU. Email filtering will not work with ONID if you have your ONID account set to forward to another email account. For more information about forwarding, click here.

Following are directions for setting up Spam Assassin and Mail Filters on ONID:

Spam Assassin

  1. Browse to http://onid.oregonstate.edu/
  2. Click Login To ONID in the left hand column
  3. After logging in, click Manage Mail in the left hand column
  4. If mail forward IS NOT set, you will see a Spam Assassin section on this page
  5. Check the box that says Use Spam Assassin
  6. You may check either or both of the other two boxes at your preference
  7. Click Modify Spam Assassin Settings

Personal Mail Filters

  1. Browse to http://onid.oregonstate.edu/
  2. Click Login To ONID in the left hand column
  3. After logging in, click Manage Mail in the left hand column
  4. If mail forward IS NOT set, you will see a Personal Mail Filters section on this page
  5. You can create a custom mail filter under this section to automatically move emails coming from a certain email address or email domain to a spam folder in your ONID account.
    Caution: If you block a domain, all emails from that domain will be blocked. For example if you block @gmail.com, all emails coming from an @gmail.com email account will be blocked.


Outlook 2007

  1. From the main Outlook window, select the Actions menu
  2. Navigate to Junk Email and select Junk Email Options... from the sub menu
  3. From the Blocked Senders tab, click Add
  4. Enter the sender's email address or email domain to block the sender
    Caution: If you block a domain, all emails from that domain will be blocked. For example if you block @gmail.com, all emails coming from an @gmail.com email account will be blocked.
  5. Click OK
  6. Click OK


Outlook 2010

  1. From the main Outlook window, click Junk
  2. Select Junk Email Options... from the drop-down
  3. From the Blocked Senders tab, click Add
  4. Enter the sender's email address or email domain to block the sender
    Caution: If you block a domain, all emails from that domain will be blocked. For example if you block @gmail.com, all emails coming from an @gmail.com email account will be blocked.
  5. Click OK
  6. Click OK


Outlook 2011 (Mac)

  1. Click the Junk menu, then click Junk E-mail Protection
  2. Select the level you prefer to use for junk protection (the Low setting is fine for most users)
  3. Click OK

Mac Mail

  1. Select the spam email from the mail list
  2. Click Junk from the toolbar near the top of the window


Thunderbird

To customize junk email controls:

  1. From the Tools menu, select Junk Mail Controls

To train Thunderbird:

  1. Select the spam email from the mail list
  2. Click Junk from the toolbar near the top of the window

Reporting Spam & Phishing


If you would like to report phishing emails, please follow the process below for your particular mail client.


OWA - Outlook Web App 

  1. When looking in your inbox, right click on the fraudulent or abusive message.
  2. Click the Forward as Attachment button.
  3. If you feel the message is abusive or asking for your credentials please send it to phishing (@) oregonstate.edu. Otherwise send the email to spam (@) oregonstate.edu and we will look at it.


Outlook 2011 (Mac)

  1. Select the message in the message pane
  2. Click the Attachment button
  3. If you feel the message is abusive or asking for your credentials please send it to phishing (@) oregonstate.edu. Otherwise send the email to spam (@) oregonstate.edu and we will look at it.


Outlook 2010 or 2013

  1. Open the phishing email in a new window. This can be done by double clicking on the email. (DO NOT open any attachments that may be contained within the email as they could contain viruses)
  2. Click More near the top of the window and select Forward as Attachment
  3. If you feel the message is abusive or asking for your credentials please send it to phishing (@) oregonstate.edu. Otherwise send the email to spam (@) oregonstate.edu and we will look at it.


Outlook 2007

  1. Open the phishing email in a new window (DO NOT open any attachments that may be contained within the email as they could contain viruses)
  2. Click Other Actions near the top of the window and select Forward as Attachment
  3. If you feel the message is abusive or asking for your credentials please send it to phishing (@) oregonstate.edu. Otherwise send the email to spam (@) oregonstate.edu and we will look at it.

Mac Mail

OS X 10.0-10.10:

  1. Right click (two-finger click) on the mail message in your inbox or folder
  2. Select "Forward as an attachment"
  3. If you feel the message is abusive or asking for your credentials please send it to phishing (@) oregonstate.edu. Otherwise send the email to spam (@) oregonstate.edu and we will look at it.

Older Versions of Mac Mail:

  1. Open the phishing email (DO NOT open any attachments that may be contained within the email as they could contain viruses)
  2. Under the View menu, select Message and then Long Headers from the sub menu
  3. Click Forward
  4. If you feel the message is abusive or asking for your credentials please send it to phishing (@) oregonstate.edu. Otherwise send the email to spam (@) oregonstate.edu and we will look at it.


ONID - Legacy Webmail Interface

  1. If you still access your ONID mailbox at http://webmail.oregonstate.edu/, then start by logging in here.
  2. Open the phishing email (DO NOT open any attachments that may be contained within the email as they could contain viruses)
  3. Under the Forward menu, select Entire Message
  4. This will open a new email with the phishing email included as an attachment.
  5. If you feel the message is abusive or asking for your credentials please send it to phishing (@) oregonstate.edu. Otherwise send the email to spam (@) oregonstate.edu and we will look at it.


ONID - Gmail Interface

  1. Once you are in the phishing attempt email, click on the little drop-down arrow. This will bring up several options.
  2. Click on the "Show original" option in that drop-down menu.
  3. This will open a new tab containing the raw message source as a large block of text. You will need to copy and paste this text into a new email. An easy way to highlight all of the text is to press the Ctrl button and the A button at the same time. After that you can press Ctrl and C together to copy it.
  4. If you feel the message is abusive or asking for your credentials please send it to phishing (@) oregonstate.edu. Otherwise send the email to spam (@) oregonstate.edu and we will look at it.


Thunderbird

  1. Select the phishing message
  2. Under the Message menu, select Forward As and then select Attachment from the sub menu
  3. If you feel the message is abusive or asking for your credentials please send it to phishing (@) oregonstate.edu. Otherwise send the email to spam (@) oregonstate.edu and we will look at it.

Bogus Offers

One of the most prevalent types of email fraud comes in the form of offers that are too good to be true. The fraudulent offer typically features a popular item or service at a drastically reduced price. Most of these are just an attempt to get your credit card information; if something seems too good to be true, it probably is.

Another type of bogus offer affects people who use Ebay, Craigslist, or any other online retailer for selling their belongings. The typical scam is that a person will contact you offering to pay the full amount, or even more for a rush delivery, but they refuse to pay you until they receive the item for inspection or some other reason.


Here are some examples:


Phishing

What is phishing?

Phishing is an attempt by a person or organization to gain information such as usernames, passwords or credit card information. Once the unauthorized person gathers this information, they can use it to fraudulently purchase items on YOUR credit card, send real or spam e-mail from YOUR e-mail address, or sign up for services in YOUR name. Examples of phishing messages have been compiled to help you identify fake messages. The Phishing page on Wikipedia has more information if you are interested.

Why is phishing dangerous?

Aside from financial loss, phishing can also cost you time, as well as your identity. As said above, once you send your information to a phishing email, someone can start making charges in your name. Not only will you now owe for someone else's expenditures, you also get to spend hours trying to cancel cards, reverse orders, and get your financial life back. This can be very taxing financially and take a lot of your spare time.

You will also now have a flood of messages from services you've never used before. Accounts for forums, online retailers, lists, just about anything, can start being funneled to your email address. What's worse, the phisher can also spoof your account, and potentially get your account disabled for spamming.

What can I do to protect my personal identity and information?

  • NEVER give your password to ANYONE, including technical support personnel.
  • NEVER respond to spam messages (this validates your address to the spammer and your e-mail address will be FLOODED with SPAM).
  • Read the email critically and ask yourself some questions.
    • Does it make sense?
    • Is the capitalization, grammar, punctuation and sentence structure, correct?
    • Is the email too generic?
    • Why are they asking for my personally identifiable information over an unsecure method of communication, such as e-mail?
    • Why would the administrators of that system need my username, which they already know?
  • Never respond to an email requesting this information.
  • Forward suspicious emails to your support group or call the agency requesting the information, e.g. Bank of America, OSU Federal Credit Union, Computer Helpdesk, etc.
  • Never click on links or images in suspicious emails.
  • Abide by the OSU Acceptable Use Policy you signed, especially the section: "Accounts and passwords may not, under any circumstances, be shared with or used by persons other than the individual(s) to whom they have been assigned by the University."
  • Don't chat up scammers. Read a transcript from a real scam artist to gain further insight.
  • If you are still unsure what to do, contact your computer support group on campus.

What can I do to report a phishing attempt?

If you receive a phishing attempt and would like to report it, please select your email client from the following list for instructions on reporting a phishing attempt.

What happens if I get phished?

If you are the victim of a phishing attempt, the first thing that will happen is your account will get disabled by the Service Desk. Once your account is disabled, you will get an email to your personal email telling you why your account was disabled; both you and the phisher will get an error message when you try to sign in telling you to contact the Oregon State Computer Helpdesk at 541-737-3474.

Once you call, the Service Desk will contact ONID support and get your account reactivated.

Things to keep in mind after getting your account reactivated:

  • Your password will need to be changed to something completely different
  • Check the Accounts, Filters, and Forwarding and POP/IMAP tabs and remove any fraudulent information. 
  • You can always contact the Service Desk if you don't know if an email is legitimate

Phishing examples

Phishing e-mails can arrive in various forms. This page is designed to help you recognize some common features of these attacks.


Example 1:

Phishing example 1

1. Reply address is misspelled and to the wrong email domain

The reply email address will almost always be different from the person that appears to be sending the fraudulent e-mail. This is because the person trying to get your account information is hoping you will hit reply and not notice who the email is actually being sent to. If you did respond to one of these emails and realize it later you should change your password immediately.

2. ONID doesn't have anonymous registration

This is specific to ONID accounts, but any e-mail address that required prior registration information from that organization is NOT "anonymous registration." No email service will ever send you an e-mail stating your account will be deleted unless you respond with account information! If you are unsure about the e-mail server you are using and think they may do something like this, either call or send an e-mail directly to the support team address that is on the website, to ensure that it doesn't get sent to a fraudulent individual.

3. We will never ask you for your password, birthday, country, or GAP.

No technical support or e-mail provider should ever ask for any personal information, especially passwords. If you have NOT contacted your e-mail or internet provider for help, be very suspicious of any email you receive claiming to be technical support, because tech support should not contact you unless you have asked for help.

4. Conflicting Information

Many times automated messages are created by pulling different sections of text out of a database, and often the text that gets pulled for the email contains conflicting information. Of course both propositions, having your account disabled or deleted in 48 or 24 hours, are scary and cause many people to act too quickly. ONID will notify you of account deletion or deactivation at least a couple of weeks before anything is done. If an email gives you a deadline within hours or days, the chances of it being a scam are greatly increased.

Example 2

Phishing Example 2

1. The from address is something other than the domain of your email address.

If you receive a legitimate email message from an administrator of your email, the from address should always have the same domain as your email. For example, if you receive something from ONID you know your ONID address is of the form "ONIDusername@oregonstate.edu", so the message should be from "somebody@oregonstate.edu". This is a good first check to see if a message is real.

2. There is information in the email that is just wrong.

This is harder to recognize since you may not always know this information, but if it looks wrong to you, check it out. Usually information like this will be clearly listed on your e-mail provider's page and can easily be verified.

3. The message requests information such as username and password

No technical support group will EVER ask for this kind of information by email. If for some reason we need to have you update information we will send a message that simply asks you to go to ONID and sign in yourself to update it. Also be careful of messages that send you a link to update your information since the link doesn't always go where it says. It is always better to type in the address yourself rather than clicking a link!
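As an added example (not code from the OSU helpdoc), a small Python triage script that applies the checks described in the Inbox Rules section and in Examples 1 and 2 to a raw message of the kind you get from "Forward as Attachment" or "Show original". The organization domain, the keyword list and both sample messages are assumptions constructed for this example.

```python
"""Triage a reported phishing message (added example, not the OSU helpdoc's code).

Input is a raw message as produced by "Forward as Attachment" or Gmail's
"Show original". Checks follow the page: the X-Spam-Flag: YES header the
Inbox Rule keys on, a Reply-To that goes somewhere other than the From address,
and a From domain that is not the organization's own on mail that claims to be
about your account there. ORG_DOMAIN, ORG_KEYWORDS and the samples are assumed.
"""
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

ORG_DOMAIN = "oregonstate.edu"                          # assumed home domain
ORG_KEYWORDS = ("onid", "oregonstate", "oregon state")  # assumed: how the org is named

# Constructed sample: a phishing message (example.net/.org are reserved test domains).
PHISH = b"""\
From: ONID Support <onid.support@example.net>
Reply-To: onid-helpdesk@example.org
To: student@oregonstate.edu
Subject: Your ONID account will be deleted in 24 hours
X-Spam-Flag: YES
Content-Type: text/plain

Reply with your username and password to keep your account.
"""

# Constructed sample: a legitimate notice sent from the organization's own domain.
LEGIT = b"""\
From: OSU Network Engineering <noreply@oregonstate.edu>
To: student@oregonstate.edu
Subject: Scheduled mail maintenance
Content-Type: text/plain

Mail service will be unavailable Sunday from 6 to 8 am.
"""


def _split(header_value):
    """Return (display name, lower-cased domain) from an address header."""
    name, addr = parseaddr(str(header_value or ""))
    return name, addr.rpartition("@")[2].lower()


def triage(raw_bytes, org_domain=ORG_DOMAIN):
    """Return a list of findings for one raw RFC 822 message (empty = nothing found)."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_bytes)
    findings = []

    # Check 1: upstream filter verdict, the same header the Inbox Rule filters on.
    if str(msg.get("X-Spam-Flag") or "").strip().upper() == "YES":
        findings.append("X-Spam-Flag is YES")

    # Check 2: a reply would go to a different domain than the apparent sender.
    from_name, from_dom = _split(msg.get("From"))
    _, reply_dom = _split(msg.get("Reply-To"))
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")

    # Check 3: claims to be about the organization but was not sent from its domain.
    text = (from_name + " " + str(msg.get("Subject") or "")).lower()
    if from_dom != org_domain and any(k in text for k in ORG_KEYWORDS):
        findings.append(f"From domain {from_dom} is not {org_domain}")
    return findings
```

A non-empty result means the message belongs in Junk or with the helpdesk; an empty result does not prove it is legitimate, so the other questions listed on this page still apply.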

Requests for Help

The "request for help" type of e-mail fraud takes this form: an e-mail is sent requesting help in some way, but including a reward for this help as a "hook," such as a large amount of money, a treasure, or some artifact of supposedly great value.

The modern e-mail version of this scam, known variously as the "Nigerian scam", "Nigerian All-Stars," etc., because it is typically based in Nigeria, is an advance fee fraud. The lottery scam is a contemporary twist on this scam.

Responding to these emails has cost people money and their identities. You can see stories of victims at http://www.google.com/news/search?aq=f&pz=1&cf=all&ned=us&hl=en&q=nigerian+scam.

Examples can be found at fraudgallery.com or you can view the thumbnails below for some basic examples.

Spoofing

E-mail sent from someone pretending to be someone else is known as spoofing. Spoofing may take place in a number of ways. Common to all of them is that the actual sender's name and the origin of the message are concealed or masked from the recipient. For more information, visit http://en.wikipedia.org/wiki/E-mail_spoofing

One very common example of spoofing is when people receive e-mails in their inbox saying that a message could not be delivered to a recipient, even though they do not remember sending that message. In this case, someone has learned your e-mail address and sent spam pretending to be from it; when one of those spam messages went to an invalid address, the bounce message came back to your address instead of to the real sender.

The thumbnails below show some examples of spoofed e-mail messages:
