Phishing

What Is It?

The fraudulent practice of sending emails or text messages purporting to be from legitimate companies in order to induce individuals to reveal personal information or otherwise compromise their accounts or computers. 

Table of Contents

• How do I report phishing?
  • Report it on the outlook browser
  • Report it on the outlook application
  • Report in on the Outlook mobile
• How can I protect myself?
• How can I tell if a message is phishy?
• Smishing
• Additional information

How do I report phishing

Phishing emails should be reported to the IT Helpdesk, so an alert can be posted. Report to the IT Helpdesk at this link: mtech.teamdynamix.com/TDClient/Home/?ID=99f6b374-a52c-46d0-83db-51443fc22cd8

Report Phishing on the web application by pressing the shield with an exclamation mark in the center to bring down a dropdown menu. Then click the button Report Phishing

Report phishing on the Outlook application by pressing the button that says Report Phishing

Phishing can be reported this way through Outlook in the phone app:

Step 1: 

Click the kebab menu in the top right corner

Step 2:

Select the button Report junk

Step 3:

From the options that pop up, select Phishing

You can also report phishing emails to the Anti-Phishing Working Group at reportphishing@apwg.org.  Phishing text messages can be forwarded to SPAM (7726).

Return to Table of Contents

How Can I Protect Myself?

• Submit any suspicious emails at this link: mtech.teamdynamix.com/TDClient/Requests/ServiceDet?ID=33144
• Keep your anti-virus software up-to-date and enabled
• Be suspicious of email messages from sources (people) that you do not know or recognize.
• Ensure the email address is not an impostor. Before responding, look at the email address, not just the name of the person sending the email.
• NEVER respond to any email messages asking you to click a web link to raise your email quota(our email system will NEVER send you a request asking you to do that).
• NEVER respond (reply) to any email messages with confidential information (Social Security number, Credit Card numbers, account Passwords).
• NEVER click a suspicious link or attachment. 
• Protect less sensitive information such as names and addresses. This information can lead to more elaborate phishing attempts.
• If you accidentally responded to a phishing message, please contact the Information Technology Help Desk for additional advice.
• Montana Tech will never send you an email containing a link asking you to click on it in order to update your credentials.
• Use different passwords for every service. This limits the number of your accounts that are compromised if one becomes compromised.
• Use two-factor authentication where available. Here is a link to better understand two-factor authentication: en.wikipedia.org/wiki/Multi-factor_authentication

Return to Table of Contents

How Can I Tell If A Message Is Phishy?

• Oftentimes Scammers try to impersonate large companies such as Amazon, so make sure to verify that an email address matches who the sender claims to be.
• Does the email contain a hyperlink or URL? Is it mismatched? Does it try to fool you by looking like a safe URL but really it is directing you to a bad site? To check this, hover your mouse over the hyperlink and see where the link is really going to take you. Scammers may use tools such as TinyURL to obfuscate the URL's true destination or intentionally long URL to confuse you.
• Does the message contain poor spelling or grammar?
• Does the message ask for personal information?
• Is it too good to be true? 
• Did you initiate the action?
• Are you asked to send money?
• Does the message make unrealistic threats?
• Does it appear to be from a government agency?
• Does it just not look right?
• Does it contain a generic greeting?
• Did the message call for immediate action?

If you get a message like any of the examples below, please do not respond.

Smishing

Smishing is phishing via text. Identifying a smishing message can be difficult.
If you think it could be legitimate- from a DR. office etc, look up the phone number for the office/business via a different method (Goggle, phone book, business card) and call them to find out if the message is legitimate.
Some signs that your text is a smish

• Sender is 'unkown'
• The message has a sense of urgency.
  • Ex. We will suspend you account if you do not respond within 24 hours.
• The link is suspicious (ie. http://bit.ly/237377)

Return to Table of Contents

Additional Information

If you want more information, here is an article about phishing, 

www.phishing.org/what-is-phishing

There is also an Information Security course that is accessible through your Moodle courses.

Return to Table of Contents