Phishing

What is phishing?

Phishing is an attempt by a person or organization to gain information such as usernames, passwords or credit card information. Once the unauthorized person gathers this information, they can use it to fraudulently purchase items on YOUR credit card, send real or spam e-mail from YOUR e-mail address, or sign up for services in YOUR name. Examples of phishing messages have been compiled to help you identify fake messages. The Phishing page on Wikipedia has more information if you are interested.

How is phishing dangerous?

Aside from financial loss, phishing can also cost you time, as well as your identity. As said above, once you send your information in response to a phishing email, someone can start making charges in your name. Not only will you now owe for someone else's expenditures, you will also spend hours canceling cards, reversing orders, and trying to get your financial life back. This can be very taxing financially and take a lot of your time.

What can I do to protect my personal identity and information?

What happens if I get phished?

If you are the victim of a phishing attempt, the first thing that will happen is your account will get disabled by the Service Desk. Once your account is disabled, you will get an email to your personal email telling you why your account was disabled; both you and the phisher will get an error message when you try to sign in telling you to contact the Oregon State Computer Helpdesk at 541-737-3474.

Once you call, the Service Desk will contact ONID support and get your account reactivated.

(Phishing) E-mail Fraud

E-mail Fraud

Due to the widespread use of web bugs in email, simply opening an email can potentially alert the sender that the address to which the email is sent is a valid address. This can also happen when the mail is 'reported' as spam, in some cases: if the email is forwarded for inspection, and opened, the sender will be notified in the same way as if the addressee opened it.
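What a web bug looks like to a mail filter, as an added example that is not part of the original page: the code walks a raw message, parses its HTML part and reports images that would be fetched from a remote server when the message is opened. The sample message, its hosts and the `rid` parameter are constructed.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Constructed message; hosts, paths and the "rid" token are made up.
SAMPLE_EML = """\
From: "Mail Admin" <admin@example.invalid>
To: student@example.edu
Subject: Mailbox notice
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Your mailbox needs attention.</p>
<img src="cid:logo123" width="120" height="40">
<img src="http://track.example.invalid/o.gif?rid=7f3a9c" width="1" height="1">
</body></html>
"""


class RemoteImages(HTMLParser):
    """Collect <img> tags whose source is fetched over the network on open."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        src = a.get("src") or ""
        if tag == "img" and urlsplit(src).scheme in ("http", "https"):
            tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
            self.found.append({"host": urlsplit(src).hostname,
                               "params": dict(parse_qsl(urlsplit(src).query)),
                               "tiny": tiny})


def find_web_bugs(raw_message):
    """Return remote images in the HTML parts of a raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    parser = RemoteImages()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            payload = part.get_payload(decode=True)
            charset = part.get_content_charset() or "utf-8"
            parser.feed(payload.decode(charset, errors="replace"))
    return parser.found
```

The embedded `cid:` image is not reported because it travels inside the message; only the remote 1x1 image with a per-recipient query parameter would notify the sender on open.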

E-mail fraud may be avoided by:

  • Keeping one's personal e-mail address as secret as possible. Use a throw-away email when signing up for websites online.
  • Using a spam filter.
  • Ignoring unsolicited e-mails of all types, simply deleting them.
  • Not giving in to greed, since greed is often the element that allows one to be "hooked".

Many frauds go unreported to authorities, due to shame, guilty feelings or embarrassment, but if you ever fall victim to an e-mail fraud that involves theft, either monetary or of your identity, contact the authorities immediately. You could help save many people from the same problem.

Phone Fraud

Fraud can take place over the phone as well. Some reports involve callers who ask about printer information and claim to be from supply services. One tip for recognizing phone fraud is a blocked number.

(Phishing) Examples

Phishing Examples

Sometimes phishing emails are obviously malicious, but other times they are pretty convincing. It is important to keep in mind the context of the email. If you did not request to be "added to a project" or if your mail quota is suddenly "exceeding capacity", you will want to tread carefully with the email.

Below you will find a collection of phishing emails that have been reported to us, along with basic ways to tell whether these emails are legitimate without even clicking on the link.

(Phishing) 07/06/2017 Account Block

07/06/2017 Example

This email was sent out on 07/06/2017 trying to steal email login information. There are a couple of initial red flags just after reading the email, even without further investigating:

  • "You Requested for password change": Grammar and capitalization are terrible for an automated message.
  • "Upgrade mailbox quota here": Blindly clicking hyperlinks in emails should always be avoided since they could lead anywhere.
  • "Mail administrator 2017": We're just the "Service Desk".

Here are some additional ways we can tell this email is fake:

Sender Address

The sender has "admin" at least in the username, but that isn't where we send automated messages from and the email address doesn't even say @oregonstate.edu. Keep in mind that even if an email address is an @oregonstate.edu email address, that doesn't make it safe. Email addresses can be spoofed and manipulated to seem like legitimate emails or it could be coming from an already stolen account. That is why it is important to look at the context of the email and any hyperlinks in it.

Hyperlinks

This link could be tricky since it technically does have "oregonstate.edu" in the hyperlink; however, the website is chamnoltravel.com. It is important to keep in mind that you don't have to "request" changing your password here and you can always call us to discuss mail quota information.

If this information was useful, needs work, or you would like to see more of it, feel free to request that using the feedback button below!

(Phishing) 07/11/2017 Blackboard

07/11/2017 Blackboard

This email was sent out on 07/11/2017 trying to steal users' login information. There are a couple of initial red flags just after reading the email, even without further investigating:

  • "2 New Important messages from your Admin Center": Capitalization is terrible for an automated message and it is extremely generic.
  • "Click Here To Review:": "Click here" links in emails should always be avoided.
  • "Blackboard": We don't even support Blackboard; we use Canvas.

Here are some additional ways we can tell this email is fake:

Sender Address

The sender is not even close to any email from Oregon State; it doesn't even say @oregonstate.edu. Keep in mind that even if an email address is an @oregonstate.edu email address, that doesn't make it safe. Email addresses can be spoofed and manipulated to seem like legitimate emails, or it could be coming from an already stolen account. That is why it is important to look at the context of the email and any hyperlinks in it.

Hyperlinks

This is an easy way to tell the email is fake. ONID credentials won't work on sites that are not oregonstate.edu, especially not "ow.ly/ntuj30xrhf".


(Phishing) 07/12/2017 Quota Limit

07/12/17 Example

This email was sent out on 07/12/2017 trying to steal email address login information. There are a couple of initial red flags just after reading the email, even without further investigating:

  • "To avoid being block click on the link": This grammar is terrible for an automated message.
  • "Click Here To Validate": "Click here" links in emails should always be avoided.
  • "Oregon State University Webmaster Email Technical Support": We're just the "Service Desk".

Here are some additional ways we can tell this email is fake:

Sender Address

The sender is not even close to an admin email from Oregon State; it doesn't even say @oregonstate.edu. Keep in mind that even if an email address is an @oregonstate.edu email address, that doesn't make it safe. Email addresses can be spoofed and manipulated to seem like legitimate emails, even when they are not. That is why it is important to look at the context of the email and any hyperlinks in it.

Hyperlinks

The validation email link does not go to Oregon State, but instead goes to a seemingly random "webhostapp" page. Logging in here will do nothing but give someone your account information.

Even their "www.oregonstate.edu" link doesn't go to Oregon State University, but instead goes to the malicious web page.
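The hyperlink checks used in the examples above (a trusted name that appears somewhere in the URL, and a displayed "www.oregonstate.edu" that points elsewhere) can be automated. The following Python is an added example, not code from Oregon State; the sample HTML, its paths and the example.invalid hosts are constructed, and the look-alike subdomain case goes slightly beyond the cases shown on this page.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "oregonstate.edu"  # domain the page says ONID logins belong on

# Constructed sample body; the paths and example.invalid hosts are made up.
SAMPLE_HTML = """
<a href="http://chamnoltravel.com/oregonstate.edu/login">Upgrade mailbox quota here</a>
<a href="http://example.invalid/validate">www.oregonstate.edu</a>
<a href="https://oregonstate.edu.example.invalid/">Click Here To Validate</a>
<a href="https://www.oregonstate.edu/">Oregon State University</a>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def real_host(url):
    """Host the browser connects to; path, query and userinfo are ignored."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def audit_links(html):
    """Return (host, reasons) for each link whose host is outside TRUSTED."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = real_host(href)
        if host == TRUSTED or host.endswith("." + TRUSTED):
            continue
        reasons = ["host is not under " + TRUSTED]
        if TRUSTED in href.lower():
            reasons.append("trusted name appears in the URL but is not the host")
        if TRUSTED in text.lower():
            reasons.append("visible text shows the trusted name")
        findings.append((host, reasons))
    return findings
```

Calling `audit_links(SAMPLE_HTML)` flags the first three links and passes the last one, because only the host part of a URL decides where the login form is served from.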


(Phishing) Bogus Offers

Bogus Offers

One of the most prevalent types of email fraud comes in the form of offers that are too good to be true. The fraudulent offer typically features a popular item or service at a drastically reduced price. Most of these are just an attempt to get your credit card information; if something seems too good to be true, it probably is.

Another type of bogus offer affects people who use eBay, Craigslist, or any other online retailer for selling their belongings. The typical scam is that a person will contact you offering to pay the full amount, or even more for a rush delivery, but they refuse to pay you until they receive the item for inspection or some other reason.

 

Here are some examples:


(Phishing) Help Requests

Requests for Help

The "request for help" type of e-mail fraud takes this form: an e-mail is sent requesting help in some way, but including a reward for this help as a "hook," such as a large amount of money, a treasure, or some artifact of supposedly great value.

The modern e-mail version of this scam, known variously as the "Nigerian scam", "Nigerian All-Stars," etc., because it is typically based in Nigeria, is an advance fee fraud. The lottery scam is a contemporary twist on this scam.

Responding to these emails can cost someone money and their identity. You can see stories of victims at http://www.google.com/news/search?aq=f&pz=1&cf=all&ned=us&hl=en&q=nigerian+scam.

Examples can be found at fraudgallery.com or you can view the thumbnails below for some basic examples.

(Phishing) Reporting

Reporting Phishing

Phishing emails can be very dangerous. Here at Oregon State we do our best to ensure everyone has a safe and secure email inbox; however, sometimes phishing attempts get by us. If you notice a phishing attempt in your inbox, we strongly encourage you to send it as an attachment to phishing@oregonstate.edu so that we may further protect everyone by blocking the user and the website immediately.

Follow the steps below to properly send a phishing email as an attachment:

  1. When looking in your inbox, right click on the fraudulent or abusive message.
  2. Click the Forward as Attachment button.
  3. Send the phishing email to phishing@oregonstate.edu and we will work our quickest to get the malicious phisher blocked.

  1. Select the message in the message pane.
  2. Click the Attachment button.
  3. Send the phishing email to phishing@oregonstate.edu and we will work our quickest to get the malicious phisher blocked.

  1. Open the phishing email in a new window. (DO NOT open any attachments that may be contained within the email as they could contain viruses.)
  2. Click Other Actions near the top of the window and select Forward as Attachment.
  3. Send the phishing email to phishing@oregonstate.edu and we will work our quickest to get the malicious phisher blocked.

  1. Open the phishing email in a new window. This can be done by double clicking on the email. (DO NOT open any attachments that may be contained within the email as they could contain viruses.)
  2. Click More near the top of the window and select Forward as Attachment.
    (Screenshots: Outlook 2010; Outlook 2013/2016)
  3. Send the phishing email to phishing@oregonstate.edu and we will work our quickest to get the malicious phisher blocked.

  1. Right click (two-finger click) on the mail message in your inbox or folder.
  2. Select "Forward as an attachment".
  3. Send the phishing email to phishing@oregonstate.edu and we will work our quickest to get the malicious phisher blocked.

  1. If you still access your ONID mailbox at http://webmail.oregonstate.edu/, then start by logging in here.
  2. Open the phishing email. (DO NOT open any attachments that may be contained within the email as they could contain viruses.)
  3. Under the Forward menu, select Entire Message.
  4. This will open a new email with the phishing email included as an attachment.
  5. Send the phishing email to phishing@oregonstate.edu and we will work our quickest to get the malicious phisher blocked.

  1. Once you are in the phishing attempt email, click on the little drop down arrow. This will bring up several options.
  2. Click on the "Show original" option in that drop down menu.
  3. This will open a new tab with a page containing a lot of text. You will need to copy and paste this text into a new email. An easy way to highlight all of the text is to press the Ctrl button and the A button at the same time. After that you can press Ctrl and C together to copy it.
  4. Send the phishing email to phishing@oregonstate.edu and we will work our quickest to get the malicious phisher blocked.

  1. Select the phishing message.
  2. Under the Message menu, select Forward As and then select Attachment from the sub menu.
  3. Send the phishing email to phishing@oregonstate.edu and we will work our quickest to get the malicious phisher blocked.

(Phishing) Spoofing

Spoofing

E-mail sent from someone pretending to be someone else is known as spoofing. Spoofing may take place in a number of ways. Common to all of them is that the actual sender's name and the origin of the message are concealed or masked from the recipient. For more information, visit http://en.wikipedia.org/wiki/E-mail_spoofing

One very common example of spoofing is when people receive e-mails in their inbox saying that a message could not be delivered to a recipient, even though they do not remember sending that message. In this case, someone has learned your e-mail address and sent spam e-mails pretending to be from it; when one of the recipient addresses was incorrect, a bounce message was sent back to your e-mail address.

The thumbnails below show some examples of spoofed e-mail messages:
