How to Identify and Act On an Email Phishing Attempt

Introduction

There are several things you can do to protect yourself and ISU against malicious phishing scams.  The tips shown below can help you identify a scam and protect institutional information from getting into an attacker's hands.  Some best practices are listed below.

Important! If a message in your inbox seems suspicious based on these tips, then forward it to stop-spoofing@indstate.edu as soon as possible so OIT Security personnel can assist with reviewing and possibly preventing an attack!

Phishing Indicators

  1. Consider whether an email in your primary inbox doesn’t seem very typical from the sender, or is from an unknown sender – see tips below.     If the message seems suspicious, forward to stop-spoofing@indstate.edu.
  2. If you find an email that seems suspicious in your junk mail folder, delete or ignore it. It was most likely flagged as suspicious and sent directly to your junk mail folder by the email security system, so there is no need for you to report it.
 

Be Suspicious of 

  1. The email address.  If it is from a legitimate sender, but the “FROM” address is a personal account, like @gmail.com or @hotmail.com, this is probably an attack. Also, check the “TO” and the “CC” fields. Is the email being sent to people you do not know?

  2. Emails addressed to "Dear Customer or other generic greetings. If a trusted organization needs to contact you, they will know your name and information. Also ask yourself: am I expecting an email from this company?

  3. Grammar or spelling mistakes. Most businesses proofread their messages carefully before sending them.

  4. Messages that require “immediate action” or create a sense of urgency. This is a common technique to rush people into making a mistake. Legitimate organizations will not ask you for your personal information. 

  5. Only click on links that you are expecting.

  6.  Attachments, only open those you are expecting. Never hesitate to verify with the real sender.

  7. Messages that sound too good to be true. (No, you did not just win the lottery or get hired for a job you did not apply for!)

Warning!

If you believe that you might have revealed sensitive information about your ISU account, such as your password, then please reset your password immediately at isuportal.indstate.edu and contact the ISU OIT Help Desk at 812-237-2910.

 

 

 

Conent for Panel 5

Was this helpful?
100% helpful - 1 review

Details

Article ID: 74878
Created
Tue 4/2/19 2:11 PM
Modified
Tue 7/27/21 10:00 AM