Phishing

Summary

The fraudulent practice of sending emails purporting to be from legitimate companies in order to induce individuals to reveal personal information or otherwise compromise their accounts or computers.

Body

What Is It?

The fraudulent practice of sending emails or text messages purporting to be from legitimate companies in order to induce individuals to reveal personal information or otherwise compromise their accounts or computers. 

Table of Contents

How do I report phishing

Phishing emails should be reported to the IT Helpdesk, so an alert can be posted. Report to the IT Helpdesk at this link: mtech.teamdynamix.com/TDClient/Home/?ID=99f6b374-a52c-46d0-83db-51443fc22cd8

Report Phishing on the web application by pressing the shield with an exclamation mark in the center to bring down a dropdown menu. Then click the button Report Phishing

Uploaded Image (Thumbnail)

Report phishing on the Outlook application by pressing the button that says Report Phishing

Uploaded Image (Thumbnail)

Phishing can be reported this way through Outlook in the phone app:

Step 1: 

Click the kebab menu in the top right corner

Uploaded Image (Thumbnail)

Step 2:

Select the button Report junk

Uploaded Image (Thumbnail)

Step 3:

From the options that pop up, select Phishing

Uploaded Image (Thumbnail)

You can also report phishing emails to the Anti-Phishing Working Group at reportphishing@apwg.org.  Phishing text messages can be forwarded to SPAM (7726).

Return to Table of Contents

How Can I Protect Myself?

  • Submit any suspicious emails at this link: mtech.teamdynamix.com/TDClient/Requests/ServiceDet?ID=33144
  • Keep your anti-virus software up-to-date and enabled
  • Be suspicious of email messages from sources (people) that you do not know or recognize.
  • Ensure the email address is not an impostor. Before responding, look at the email address, not just the name of the person sending the email.
  • NEVER respond to any email messages asking you to click a web link to raise your email quota(our email system will NEVER send you a request asking you to do that).
  • NEVER respond (reply) to any email messages with confidential information (Social Security number, Credit Card numbers, account Passwords).
  • NEVER click a suspicious link or attachment. 
  • Protect less sensitive information such as names and addresses. This information can lead to more elaborate phishing attempts.
  • If you accidentally responded to a phishing message, please contact the Information Technology Help Desk for additional advice.
  • Montana Tech will never send you an email containing a link asking you to click on it in order to update your credentials.
  • Use different passwords for every service. This limits the number of your accounts that are compromised if one becomes compromised.
  • Use two-factor authentication where available. Here is a link to better understand two-factor authentication: en.wikipedia.org/wiki/Multi-factor_authentication

Return to Table of Contents

How Can I Tell If A Message Is Phishy?

  • Oftentimes Scammers try to impersonate large companies such as Amazon, so make sure to verify that an email address matches who the sender claims to be.
  • Does the email contain a hyperlink or URL? Is it mismatched? Does it try to fool you by looking like a safe URL but really it is directing you to a bad site? To check this, hover your mouse over the hyperlink and see where the link is really going to take you. Scammers may use tools such as TinyURL to obfuscate the URL's true destination or intentionally long URL to confuse you.
  • Does the message contain poor spelling or grammar?
  • Does the message ask for personal information?
  • Is it too good to be true? 
  • Did you initiate the action?
  • Are you asked to send money?
  • Does the message make unrealistic threats?
  • Does it appear to be from a government agency?
  • Does it just not look right?
  • Does it contain a generic greeting?
  • Did the message call for immediate action?

If you get a message like any of the examples below, please do not respond.

Uploaded Image (Thumbnail)

Uploaded Image (Thumbnail)

Uploaded Image (Thumbnail)

Uploaded Image (Thumbnail)

Uploaded Image (Thumbnail)

Uploaded Image (Thumbnail)

Smishing

Smishing is phishing via text. Identifying a smishing message can be difficult.
If you think it could be legitimate- from a DR. office etc, look up the phone number for the office/business via a different method (Goggle, phone book, business card) and call them to find out if the message is legitimate.
Some signs that your text is a smish

  • Sender is 'unkown'
  • The message has a sense of urgency.
    • Ex. We will suspend you account if you do not respond within 24 hours.
  • The link is suspicious (ie. http://bit.ly/237377)

Return to Table of Contents

Additional Information

If you want more information, here is an article about phishing, 

www.phishing.org/what-is-phishing

There is also an Information Security course that is accessible through your Moodle courses.

Return to Table of Contents

Details

Details

Article ID: 73670
Created
Tue 3/12/19 6:20 PM
Modified
Thu 6/29/23 4:04 PM

Related Articles

Related Articles (2)

Saving Text of Email Headers (Office365)
Find email headers to help I.T. debug your problem.
Saving Text of Email Headers (Outlook)
Find email headers to help I.T. debug your problem.

Related Services / Offerings

Related Services / Offerings (3)

Compromised Account
Has your account been compromised?
Report a Phishing, Scam, Virus, or Malware Email
Tell us if someone is trying to scam you or gather information about you under false pretenses.
Report an Email Problem
Having trouble with email? Let us know.