Recent Email Phishing Messages

Created by Micah Schaafsma
Jan 09, 2018
3 min read

Recent Phishing Messages to SPU Email Accounts

Many of you may have received suspicious phishing email messages to your SPU email account over the past few days. "Phishing" is the name given to email messages that try and trick you to give up your username and password.

SPU is the target of frequent phishing attempts. We block 1,000's of messages a day that are phish -- but some are always going to get through. Requests for "immediate action" to prevent account closures, disconnection of service, or other verification requests are sure signs you're being "phished." SPU WILL NEVER ask for your PASSWORD via email.

---Please Read Through The Reminders We have Previously Sent---

When are you most susceptible?

Statistics reveal some interesting patterns and trends in regards to when and how most people fall for phishing:

  • More responses occur from mobile phones.
  • More responses occur when respondents are away from the office.
  • More responses occur outside of work hours (evenings and weekends).

Phishing Sample Review

Below is a snippet from a phishing message.

This example illustrates three message characteristics to be on the guard for:

  • Greetings and closings. A generic recipient or closing is a good indication the message is phishing.
  • Clickable links re-direct you to another web site. Always be cautious about links in email messages. See below for "hover" technique.
  • Threats or urgency in the message language, such as response deadlines.

Use the "Hover" Technique

Many phishing messages include links that send the user to a malicious web site or a fake login page. Hover over the web links with your mouse to inspect the web site address BEFORE YOU CLICK! An example might be the printed URL and actual destination addresses don't match.

Yes, SPU Users Are Still Taking the Bait!!

Despite the warnings about responding to phishing messages - some students and staff continue to be victimized.

  • Phishing scams appear to come from legitimate sources like the "Email Administrator," the "HelpDesk," the "IT Dept," your Internet Service Provider, your bank, eBay, Paypal, etc.... The messages often direct you to a fake web site or ask you to reply with private information like usernames and passwords, credit card, or other account details.
  • Beware and be suspicious! Scammers are very sophisticated in making their pages look like the real thing. Once your account information has been compromised, the hacker can then access other private and personal information, steal your identity and use your account to send spam.
  • What should you do if you take the bait? If you think you might have taken the bait and given up your SPU username and credential -- immediately go to the Banner System(Personal Menu, Computer Accounts Menu, Change Your Password) and reset your SPU password.
  • What CIS will do if your account has been compromised? CIS suspects an email account is compromised when we notice the account sending large volumes of spam or other malicious activity. Our action is to immediately disable the compromised account which will block access to SPU email, Canvas, Banner, and all other campus resources. The account will stay blocked until we can assist with password changes and remediation.

If you are suspicious about a message you get -- FORWARD the message to help@spu.eduand the CIS HelpDesk can help identify its legitimacy.