Office of Information Systems

Arkansas Tech University

Phishing

InfoSec Quick Links

Home
Account Management
ATU Altert
Contact InfoSec
Data Security Awareness
Phishing
Policies/Guidelines

Be the Hero… Report Phishing!
You are the first defense against undocumented Phishing attacks.

Phishing is the act of trying to trick you into giving out private or sensitive information by email or phone. Phishing attempts have evolved into targeted attempts on individuals with high profile lives or high ranking career positions know as Spear Phishing. No matter the method used, there are steps we can all take to help stop phishing attempts from being successful. Our OIS department has email filters in place to catch the currently known phishing schemes. But new phishing schemes are initiated daily, and we cannot defend against those initial attacks until we know about them.

Here’s where You get to be the Heroes. You are the first line of defense against previously unknown phishing schemes. So any smart OIS team is going to educate it’s community, You, on “How to Spot a Phishing Attempt” and “How to Respond to a Phishing Attempt.” And while this will be short and to the point, you may also access the complete “Phishing Prevention Q & A” and “Phishing Best Practices” on this site.

Additional Information:
Phishing – Don’t Take the Bait
How to spot phishing attempts
How to respond to phishing attempts
Phishing Q & A

Recent Phishing Attempts:

Walgreens Pickup Notice – Gift Card#:

Walgreens Gift Card

Mailbox Exceeded Limit:
Adriana Mailbox_Exceeded

Sgt Jamie Hovis Assistance Plea:
Sgt_Hovis

Exceeded Limit on Mailbox:
Linda Linsy Exceeded_Limit

How to spot a phishing attempt

Phishing attempts usually include one or more of the following:

  • Emails with miss-spelt words and/or poor grammar
  • Emails with a fraudulent from address that may not have a valid domain may be used
  • Emails asking for username, account id, password, or pin
    *** No legitimate company or organization will ask for your password by email!!!
  • Emails from unfamiliar senders
  • Emails containing attached files to open
  • Unsolicited emails instructing you to click on a link and enter private or login information
  • Emails that urge you to “act quickly” because:
    • your account had an unauthorized access
    • you won . . . something
    • your account will be inactivated unless you…
    • you must sign up for a new security feature
    • an accounting error has been corrected and you need to sign in using this link…
    • your account was used for fraud and you will be held liable unless you…
  • Phone calls that ask for private information, do not give it! Hang Up!!!

How to respond to phishing attempts.

  • Never reply to the phishing email.
  • Never click on any links in the phishing email.
  • Never open any attachments in a phishing email.
  • Contact the Campus Support Center at 968-0646, and report the phishing attempt you have received.

Campus Support Technicians will instruct you on what to do next. Never give out information over the phone to someone unknown to you. Hang Up & Report it.

Phishing Prevention Q & A
Q: What is Phishing?
A: An online scheme designed to trick recipients into revealing private or sensitive information, such as account information or logon credentials, or get them to click on an unsafe attachment.

Q: What is Spear Phishing?
A: A very targeted attempt at phishing that includes information specific to the targeted individual such as a charity, bank, or credit card company that the targeted individual is associated with or uses to transact business.

Q: Will any office at Tech ask for a password via email?
A: No. Email will never be used by any Tech office to ask for your password. Remember that no legitimate organization will ever ask you to provide your password or PIN in an email.

Q: Why am I constantly receiving fraudulent or spam emails?
A: Scam artists have many avenues to get your email address.

Q: What is the primary danger of a phishing attempt?
A: Identity theft, loss of finances, and theft or leakage of data.

Q: How can you detect phishing?
A: Any correspondence attempts to gain personal information or system passwords or PINs are phishing attempts. If you receive a request for personal information from an entity you trust and think might be legitimate, do not respond to the correspondence. Instead, contact the entity by another known contact method such as by the phone number on a bill, invoice, or statement.

Q: What should you look out for?
A: Requests to provide account numbers, system IDs, and passwords or PINs are always phishing attempts. Requests to provide personal information like birthdate, social security number, name, and address are usually phishing attempts. May include misspelled or inaccurate information, or usage of poor grammar.

Characteristics of fraudulent emails:

  • emails that urge you to act quickly because:
    • You are a finalist or winner of an official contest
    • Your account may have been subject to an unauthorized access
    • You must update your personal information to prevent account inactivation or deletion
    • Your account was used for fraud and you will be held accountable
    • You must sign up for a new online security feature
    • A simple accounting error has been made and corrected and you need to click on a link to accept/confirm
  • emails containing a hyperlink to a fake site
  • emails without a legitimate from address like jsmith@atu.edu
  • emails containing attached files to open
  • non solicited emails asking you to click on a link and enter account and password information
  • non solicited emails asking for username, password, and other personal information to confirm your account

Q: What should you do if you think you have responded to a phishing attempt or clicked on a link in a fraudulent email?
A: Change whatever credentials you gave out immediately and report the incident to the institution associated with the phishing attempt.
Examples:

  • You gave out a bank account number and pin; Contact the bank
  • You gave out a password or PIN to an ATU system; Change the password or PIN and call Campus Support to report the incident.

Q: Can phishing attempts be prevented?
A: Email-based phishing is a form of spam that may be caught and prevented with email filter settings. While measures are in place to catch known phishing attempts, new attempts are being formulated daily. So the reality is that no filter will catch every attempt. And the best defense remains educating the community served by Tech with the knowledge to detect and stop phishing attempts, and an easy method to alert the Office of Information Systems when a phishing attempt incident has occurred.

Q: Can I protect myself against phishing attempts?
A: Everyone will occasionally receive fraudulent emails. The best protection is to remain vigilant in our education and use of safe computing practices.

  • Never give your username or password in response to an email.
  • Never respond to email requesting personal information, no matter who the sender is.
  • Never click on a link inside of an email in an unsolicited email.
  • Never open an email attachment from a sender you do not know.
  • Never load images from an unsolicited email.

*** Remember, NO legitimate organization will ever ask for your password or PIN thru email.