Phishing

From CIT Wiki

Suspicious or "Phishy" Messages

Recently the campus was spammed with a batch of messages like this:

From: Jane Doe <jdoe@oberlin.edu>
Date: Wed, Sep 7, 2016 at 1:32 PM
To: undisclosed-recipients:;
Subject: Jane sent you a document

Jane Doe
sent you some files

Download

Files (12.1 MB total)
Document..Zip (1 of 1).jpg

Will be deleted on
10 September, 2016
Get more out of Dropbox, get Plus

What is Phishing?

Phishing is defined by the US Computer Emergency Readiness Team (US-CERT) as "...an attempt by an individual or group to solicit personal information from unsuspecting users by employing social engineering techniques. Phishing emails are crafted to appear as if they have been sent from a legitimate organization or known individual. These emails often attempt to entice users to click on a link that will take the user to a fraudulent website that appears legitimate. The user then may be asked to provide personal information such as account usernames and passwords that can further expose them to future compromises. Additionally, these fraudulent websites may contain malicious code."

A Taxonomy of Phish

  • Phish - A form of Spam email intended to fool readers into divulging email account credentials to the sender. In other words, a Phony fishing expedition.
  • Spear-phishing - A more directly targeted form of Phishing attempt, using lists of banking customers, college students and employees, and the like. More likely to succeed.
  • Whaling - A form of Spear-phishing targeted at CEOs, financial officers, others with access to large bank accounts or other high-value assets that might be compromised.

The Dangers of Phishing Messages

These "phishing" messages often increase in volume and frequency at various times during the year. Spammers send them in an attempt to get you to divulge personal information which can then be exploited, mainly to steal money, steal your identity, or otherwise perform some malicious activity.

What can they do with your Oberlin College email account?

  • Use your email account to send harmful phishing messages to people in your address book
  • Modify your Oberlin web site (if you have one) to spread infectious files to visitors
  • Attempt to log into restricted Library reference material, costing Oberlin access fees
  • Attempt to access other College systems, such as Blackboard

Identifying Phishing Messages

There are some telltale signs that can help you determine whether a message was sent by Oberlin College CIT, HR, or another legitimate organization, or by a spammer hoping to steal your confidential information.

A phishing message sent in 2014
  • If you notice poor grammar, spelling, or punctuation, the message may be coming from a spammer.
  • If the email comes from an address that does NOT end in oberlin.edu and that you do not recognize, the message could be from a spammer.
  • If the message tells you to respond or click on a link or something dire will happen, such as your account will be deleted, or you will not get the forms you need, the message is likely from a spammer.
  • If links are included in the message and you did not ask for them, the message is likely from a spammer.
  • If the message is not signed by an actual person, such as Chester Andrews, Director of Client Services, but is instead signed by a generic positional name, such as Administrator, Admin, HR, Account Manager, The Oberlin Team, Ebay Admin, Bank Administrator, etc., then the message is very likely from a spammer.
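
Several of the signs above can be checked mechanically before a person reads the message. The following Python sketch is an added example, not part of the original CIT page or any CIT tool: it checks the sender domain, urgency wording, links and generic signatures. The urgency phrases, function names and sample message are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAIN = "oberlin.edu"
# Generic positional signatures named in the list above.
GENERIC_SIGNERS = ("administrator", "admin", "hr", "account manager",
                   "the oberlin team", "ebay admin", "bank administrator")
# Constructed urgency phrases (an assumption; tune for your own mail).
URGENCY = re.compile(
    r"will be (deleted|suspended|deactivated)|immediately|within 24 hours", re.I)
LINK = re.compile(r"https?://\S+", re.I)

def sender_in_domain(from_header, domain=TRUSTED_DOMAIN):
    """True only for user@domain or user@sub.domain, never for look-alikes
    such as evil-oberlin.edu or oberlin.edu.example.net."""
    addr = parseaddr(from_header)[1].lower()
    host = addr.rpartition("@")[2]
    return host == domain or host.endswith("." + domain)

def red_flags(raw):
    """Return the list of telltale signs found in a plain-text message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    flags = []
    if not sender_in_domain(msg.get("From", "")):
        flags.append("external-sender")
    if URGENCY.search(body):
        flags.append("urgency")
    if LINK.search(body):
        flags.append("contains-link")
    # The last non-empty line of the body is treated as the signature.
    lines = [l.strip() for l in body.splitlines() if l.strip()]
    if lines and lines[-1].lower().strip("-, ") in GENERIC_SIGNERS:
        flags.append("generic-signature")
    return flags

# Constructed sample message (not a real message sent to the campus).
SAMPLE = """\
From: IT Helpdesk <helpdesk@oberlin.edu.example.net>
To: undisclosed-recipients:;
Subject: Mailbox quota

Your account will be deleted unless you verify at
http://webmail.example.net/verify

Administrator
"""
```

A message whose From address does end in oberlin.edu, like the sample at the top of this page, does not trip the sender check, so no single sign should be relied on alone.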


Identifying Fraudulent Websites

A fraudulent website sent in July 2014.
This website was linked from a message sent to the campus in July 2016.

If you do not read the phishing message closely, you may click on a link without thinking and end up on a fraudulent webpage. But it's not too late! There are also some signs to look for on these sites to help you identify a scam before you enter your username and password.

Fraudulent websites usually have red flags to look for

What to do with Phishing Messages

Oberlin College CIT will never ask you for your password or email credentials in an email. Neither will other legitimate organizations. If you think a message looks "phishy", you are probably right to be suspicious.

There is little anyone can do in advance to block all phishing messages from reaching your inbox. If you've received a phishing message, staff members within CIT have likely also received it and are aware of the problem. Thus, there's no need to forward the messages to us. The best course of action you can take is to change your ObieID password immediately and click the "Report spam" button in OCMail (it looks like a stop sign with an exclamation point on it) to alert Google about the message and to help them refine their spam filtering capabilities.

Also, remain aware of potential phishing messages. Don't divulge personal information and don't click on links in unsolicited email.