Phishing

A phishing email is a scam in which a person is tricked, through the medium of email, into doing something that they normally would not. Attackers send phishing emails for a variety of goals, but often they are trying to steal confidential information (username and password combinations, credit card information), infect your computer with malware, or trick you into authorizing fraudulent payments. The latter is becoming increasingly common; this type of scam is usually called ‘spear phishing’ and involves a personalized, well-researched approach against the victim. Spear phishing campaigns usually target employee tax information or try to change vendor payment information (so that payments go to the attacker instead), but the possibilities are endless.

Even though Campus Technology Services and other legitimate entities would never ask for any personal or sensitive information over email, there are a few things to keep in mind when faced with emails like these:

  • Always check the sender's actual address, not just the display name.

  • Always hover over links included in the emails to see where they will take you.

  • Always be suspicious of unexpected email attachments and requests for sensitive information.

  • Always verify the validity of a suspicious email via a different means of communication, like a phone call.
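
The first two checks in the list above (the sender's real address, and where a link actually goes) can also be applied mechanically to a saved message. The Python below is an added example, not part of the original page or any CTS tool; the `TRUSTED` domain list, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"oswego.edu"}  # assumption: domains the recipient expects mail from
URLISH = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$")

class Links(HTMLParser):  # collects (href, visible text) for each <a> element
    def __init__(self):
        super().__init__()
        self.found, self.href, self.shown = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.shown = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.shown += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, self.shown.strip()))
            self.href = None

def host(url):
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()
def trusted(h):
    return any(h == d or h.endswith("." + d) for d in TRUSTED)

def review(raw):
    msg, findings = message_from_string(raw), []
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if not trusted(domain):  # the name is free text; only the address counts
        findings.append(f"sender '{name}' uses untrusted domain {domain}")
    parser = Links()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href, shown in parser.found:  # what hovering over the link would reveal
        if URLISH.match(shown) and host(shown) != host(href):
            findings.append(f"link shows {host(shown)} but goes to {host(href)}")
    return findings

# Constructed sample message (not a real phish); example.net is a reserved domain.
SAMPLE = """From: CTS Help Desk <helpdesk@oswego.edu.example.net>
Content-Type: text/html

<p>Reset now: <a href="http://login.example.net/reset">www.oswego.edu/reset</a></p>
"""
```

Calling `review(SAMPLE)` returns two findings: the sender's domain only begins with a trusted name, and the link text names one site while the link target is another.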

If you have responded to phishing emails with your LakerApps account, or you feel like your email account has been tampered with, please reset your password immediately at www.oswego.edu/reset. Most importantly, if you see something suspicious, please say something! Marking emails as spam or phishing will help Google better detect illicit messages in the future.

To learn how to report a phishing email in Google, and for other phishing information, you can visit this Google Support Article about phishing, or reach out to the CTS Help Desk. The Help Desk can be reached at help@oswego.edu or 315-312-3456.

Don’t Get Caught by the Phish Hook

Determining what is a phishing email and what is not can be difficult. But like any skill, spotting a phish can get easier if you practice. With that in mind, we’ve gathered some resources that will help you learn to identify even the cleverest of phishing emails.

Phishing Quizzes

These quizzes are excellent preparation for spotting the next “phish hook” before it catches you (these are third party sites, so you may be asked for an email address or other information, but you do not have to provide it).

https://www.consumer.ftc.gov/media/game-0011-phishing-scams

https://www.opendns.com/phishing-quiz/

https://www.sonicwall.com/en-us/phishing-iq-test

https://phishingquiz.withgoogle.com/

https://www.ftc.gov/tips-advice/business-center/small-businesses/cyberse...

https://www.phishingbox.com/phishing-test

Examples of Phishing Emails

Seeing real-world examples of phishing emails is another way to become familiar with phishing tactics.  

Collections of phishing emails from other higher education institutions:

https://it.cornell.edu/phish-bowl

https://security.berkeley.edu/resources/phishing/phish-tank

http://www.northeastern.edu/securenu/phishing/the-phish-tank/