Audience: All Franklin University users with University Office365 email accounts.
Disclaimer: The results and functionality of the following article only apply to the audience listed above.
A summary of this article appears in the following video. For more detailed information please see the full article below.
Phishing or Fraudulent Emails
Phishing is the fraudulent practice of sending emails or other messages purporting to be from reputable companies or individuals in order to induce individuals to reveal personal information, such as passwords and credit card numbers.
This article contains the following sections:
- How to identify phishing or malicious emails
- How to identify phishing websites
- Phishing email example
- Steps to take if you fall victim to a phishing attack
- How to report a phishing email to the University and to Microsoft
- Additional recommendations/best practices
How to Identify Phishing or Malicious Emails
- Banners – Faculty and staff: watch for the banner that indicates an email arrived from outside of the Franklin organization. Click Here for more information.
- Misspelling – Often the subject or the body of a phish will contain misspelled words.
- Sending Address – Many phishing emails come from an address that looks official at a glance but can be spotted with a little scrutiny (e.g. Microsoft_billing@mail.media.co). Don't respond to emails that appear to be official but come from unofficial email addresses. Additionally, an official email will never be sent from a consumer-level email domain (@gmail.com, @yahoo.com).
- Suspicious Links – You can always hover your mouse pointer over a link to see its destination address without clicking it. Most email links will begin with "https://url.avanan.click/v2/", which is added by our additional threat protection product. The actual destination URL appears after this Avanan prefix.
- Suspicious Attachments – An attachment is the most frequently used method of delivering a malicious payload. Always be suspicious of an attachment supposedly containing information that could easily have been in the body of the email. Verify that the email came from a trustworthy source and that an attachment is expected before opening one.
- Urgency – Attackers use wording designed to make you feel that action must be taken quickly (e.g. "your account will be charged", "your account will be locked", "about to expire").
- Greetings – Phishing emails often have generic greetings and signatures such as "Dear User" and "Sincerely, IT Helpdesk".
- SMS and QR Codes – Be wary of anything that arrives unexpectedly by text message, and of any kind of message that contains a QR code.
Please note that Franklin University will NEVER ask for your password through e-mail, so be wary of anything that says otherwise.
How to Identify Phishing Websites
Phishing emails will often link out to malicious websites that ask you to log in or provide payment information. By filling in this kind of information on the malicious site, attackers then gain access to your username, password, or payment information. It is important to be able to identify these websites as well.
- Check for slight misspellings – in the URL, company name, etc. For example, paypa1.com instead of paypal.com.
- Check that you are on a legitimate website – Just because the word "Franklin" is in the web address doesn't mean that it is a legitimate website.
- Be wary of pop-ups – Some phishing sites may take you to a legitimate website, but then prompt you for your username and password via an additional popup window.
- Heed browser warnings – Many browsers have the built-in capability of warning you that a website you are about to visit may be unsafe.
Phishing Email Example
Here is an example of an email that may look legitimate at first glance, but upon careful review it can be determined that this email is not from a trusted source and is likely a phishing email. See below for ways to identify this email as phishing.
- The Franklin University external warning banner (available for faculty and staff accounts). This indicates that the email arrived from outside of the University. This is not necessarily a problem (all emails from Microsoft contain this banner since they are not from within the University), but it is a first indicator to double-check the validity of the message.
- The sender's address is not official. The email purports to be from "Microsoft OneDrive" but the actual sender's address is "alert@office-365-security-notifications.com," which is not actually a Microsoft address. Any message from Microsoft would end with "microsoft.com."
- Were you expecting a file to be shared with you from this user? Were you actively working on any documents or projects together? If this is completely unexpected, reach out to the person through chat or phone to validate the fact that they did share something with you.
- Look out for attachments or links with very generic names like "agenda," "invoice," "document," "fax," etc. Hovering your mouse over each of these links would reveal that they would take you to "http://365-office.net/landing/dkjf03e497652-2342dfs" when clicked. Since this is not an official Microsoft domain, this indicates that the email is not legitimate.
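The manual checks in the two sections above (is the sender's domain really the brand's domain, is the link host a lookalike spelling, is a brand word buried in an unrelated domain) can be written down as a small triage script. The following is an added example written for this article; it is not a University tool and not part of the original page. The brand-to-domain table, the consumer webmail list and the digit-for-letter lookalike map are assumptions made for the demonstration, and the sample message reuses the display name, sender address and link quoted in the example above. Link URLs are taken as the destination shown on hover, after any Avanan rewriting has been stripped.

```python
"""Phishing triage heuristics: sender-domain and link-host checks.

Added example, not code from the original help article. Encodes the
manual checks described in the article so they can be run over a
captured message. BRAND_DOMAINS, CONSUMER_DOMAINS and LOOKALIKES are
assumptions for this demo, not an authoritative list.
"""
from urllib.parse import urlparse

# Brand words a user might see in a display name, mapped to the domain
# that legitimately sends for that brand (assumption for this example).
BRAND_DOMAINS = {
    "microsoft": "microsoft.com",
    "paypal": "paypal.com",
    "franklin": "franklin.edu",
}

# Consumer webmail domains an official notice would never be sent from.
CONSUMER_DOMAINS = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com"}

# Characters attackers substitute for letters (paypa1.com for paypal.com).
LOOKALIKES = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s", "4": "a", "7": "t"})


def domain_of(address: str) -> str:
    """Lowercase domain part of an e-mail address."""
    return address.rsplit("@", 1)[-1].lower()


def host_of(url: str) -> str:
    """Lowercase host of a URL, without scheme, port, path or credentials."""
    return (urlparse(url).hostname or "").lower()


def is_official(host: str, official: str) -> bool:
    """True only if host IS the official domain or a subdomain of it.

    A plain substring test would accept microsoft.com.evil.example; anchoring
    on the label boundary ('.' + official) rejects it, and also rejects
    unrelated hosts such as 365-office.net.
    """
    return host == official or host.endswith("." + official)


def lookalike_of(host: str) -> "str | None":
    """Brand domain this host imitates via digit-for-letter swaps, if any."""
    normalized = host.translate(LOOKALIKES)
    for official in BRAND_DOMAINS.values():
        if normalized == official and host != official:
            return official
    return None


def brands_mentioned(text: str) -> set:
    """Brand words that appear anywhere in the text (display name or host)."""
    lowered = text.lower()
    return {brand for brand in BRAND_DOMAINS if brand in lowered}


def triage(display_name: str, sender: str, links: list) -> list:
    """Return the red flags raised for one message; an empty list means none fired."""
    flags = []
    sender_domain = domain_of(sender)
    claimed = brands_mentioned(display_name)

    if sender_domain in CONSUMER_DOMAINS:
        flags.append(f"sender domain {sender_domain} is consumer webmail")

    # Display name claims a brand, but the mail did not come from that brand's domain.
    for brand in sorted(claimed):
        if not is_official(sender_domain, BRAND_DOMAINS[brand]):
            flags.append(f"display name claims {brand} but sender domain is {sender_domain}")

    for url in links:
        host = host_of(url)
        imitated = lookalike_of(host)
        if imitated:
            flags.append(f"link host {host} imitates {imitated}")
        # Every link in a message branded as X should land under X's domain;
        # a brand word inside the host does not make it official on its own.
        for brand in sorted(claimed | brands_mentioned(host)):
            if not is_official(host, BRAND_DOMAINS[brand]):
                flags.append(f"link host {host} is not under {BRAND_DOMAINS[brand]} despite {brand} branding")
    return flags


# Constructed sample built from the values quoted in the article's example.
SAMPLE = {
    "display_name": "Microsoft OneDrive",
    "sender": "alert@office-365-security-notifications.com",
    "links": ["http://365-office.net/landing/dkjf03e497652-2342dfs"],
}

if __name__ == "__main__":
    for flag in triage(**SAMPLE):
        print("FLAG:", flag)
```

Running the script on the article's sample raises two flags: the display name claims Microsoft while the sender domain is office-365-security-notifications.com, and the link host 365-office.net is not under microsoft.com. A message from a subdomain of microsoft.com linking to account.microsoft.com raises none, which is the point of anchoring the comparison on the label boundary rather than looking for the word "microsoft" anywhere in the host.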
How to report a phishing email to the University and to Microsoft
If you receive an email that you suspect to be a phishing attack, we want to know about it! Please report these kinds of emails to the Help Desk so that we can investigate. We can confirm if the email was indeed a phishing attack or if it was safe. Additionally, by sending us a copy of the message, we can check to see if any other University members have received the email in question and may be able to remove it before anyone else interacts with it. Please follow the steps below to report a phishing email:
1. Notify the Help Desk - Forward the email as an attachment. It is not sufficient to merely forward the email as you normally would, as this does not capture additional details about the email that we need to fully investigate, such as mail headers or attachments. To forward an email as an attachment:
   - In Outlook Desktop:
     - Select the email in the message list.
     - On the main Outlook Ribbon, select More > Forward as attachment.
   - In Outlook on the web:
     - Select the email in the message list.
     - On the main Outlook Ribbon, click on the arrow next to the Forward button, and select Forward as attachment.
2. Notify Microsoft - After reporting the email to the Help Desk, it is also helpful to report the email to Microsoft directly so they can flag it as a phishing email in their systems.
   - In Outlook Desktop:
     - Select the email in the message list.
     - On the main Outlook Ribbon, select Report Message > Phishing.
   - In Outlook on the web:
     - Select the email in the message list.
     - On the main Outlook Ribbon, click the arrow next to Report and then Report phishing.
Steps to take if you fall victim to a phishing attack
If you click on a link, open an attachment, provide some requested information, or otherwise interact with a message that you later realize was a phishing email, please complete the following steps to help reduce the possibility of an attacker accomplishing something with the information that was provided:
1. Reset your password: If you have entered any personal information as a result of the email, or clicked on links in a malicious email, best practice is to promptly change your University password. Passwords are the credential attackers most commonly try to obtain from you.
2. Forward the email to the Help Desk as an attachment for further investigation, as described above.
3. Report the email to Microsoft as described above.
Additional Recommendations and Best Practices
- Please note that Franklin University will NEVER ask for your password through e-mail, so be wary of anything that says otherwise.
- Don't use easily guessable passwords.
- Don't use the same password for all websites and applications.
- Don't enter sensitive or personal information on unsolicited websites or popup windows.
- Go to websites yourself by typing the address, rather than clicking on links in emails.
- Don't click anywhere in suspicious e-mails, even in what may appear to be white space. Moving an email to the Junk folder can reveal links hidden within the email.
- Don't open attachments in unexpected or suspicious e-mails or instant messages.
- Don't send passwords, bank account numbers, or other private information in an email.
- Don't accept social media friend requests from people you don't know.
- Don't provide identity information, including credit card numbers, when you receive an unsolicited e-mail or phone call.
- Look for 'https://' and a lock icon in the address bar before entering any private information on a website.
- Install and regularly update an anti-virus program that can scan email.
- If an email from a friend or colleague looks suspicious, call them and ask if the email is legitimate.
- Faculty and Staff: See the following link: Click Here
- Call your financial institutions directly using the number found on the back of your credit/debit card or your monthly statement.
- If a person calling from an unrecognized number requests personal information, ask for a case number and then call back through the organization's main number.
- Never use your University credentials (username/password) to log in to other, non-University websites.
- Never respond to a request for your password sent by e-mail, even if the request appears legitimate.
- When in doubt about an email, contact the Help Desk.
Helpful Links:
http://www.phishing.org/what-is-phishing
https://www.microsoft.com/en-us/wdsi/threats/support-scams
https://www.consumer.ftc.gov/articles/0003-phishing