Security Awareness: How to Identify and Act On an Email Phishing Attempt

Introduction

There are several things you can do to protect yourself and ISU against malicious phishing scams.  The tips shown below can help you identify a scam and protect institutional information from getting into an attacker's hands.  Some best practices are listed below.

Important! If a message in your inbox seems suspicious based on these tips, then forward it to stop-spoofing@indstate.edu as soon as possible so OIT Security personnel can assist with reviewing and possibly preventing an attack!

Phishing Indicators

  1. Consider whether an email in your primary inbox doesn’t seem very typical from the sender, or is from an unknown sender – see tips below.     If the message seems suspicious, forward to stop-spoofing@indstate.edu.
  2. If you find an email that seems suspicious in your junk mail folder, delete or ignore it. It was most likely flagged as suspicious and sent directly to your junk mail folder by the email security system, so there is no need for you to report it.

 

Be Suspicious of 

  1. Is the sender address from @indstate.edu, or is it from a third-party sender like @gmail.com? Impostors use accounts to impostor our ISU community. Also, check the “TO” and the “CC” fields. Is the email being sent to people you do not know?

  2. Am I expecting an email from this sender? An 'odd' subject or one with a sense of urgency is an indication that it may be fraudulent.

  3. Grammar or spelling mistakes. Most businesses proofread their messages carefully before sending them, and international criminals may have a secondary grasp or oddly formal use of the English language.

  4. Messages that require “immediate action” or create a sense of urgency. This is a common technique to rush people into making a mistake.

  5. Only click on links that you are expecting.

  6.  Attachments, only open those you are expecting. Never hesitate to verify with the real sender.

  7. Messages that sound too good to be true. (No, you did not just win the lottery or get hired for a job you did not apply for!) Legitimate organizations will not ask you for your personal information via email.

Never hesitate to verify the sender of an email! Call the sender or use a search engine to determine the correct contact information for the alleged sender. You should also never hesitate to forward the message to stop-spoofing@indstate.edu so a team of information security professionals can assist in assessing the legitimacy of the message!

If you believe that you might have revealed sensitive information about your ISU account, such as your password, then please reset your password immediately at isuportal.indstate.edu and contact the ISU OIT Help Desk at 812-237-2910.

 

 

 

Conent for Panel 5

100% helpful - 1 review

Details

Article ID: 74878
Created
Tue 4/2/19 2:11 PM
Modified
Mon 6/5/23 9:01 AM

Related Services / Offerings (1)

Security - Report an Incident
Use this service to report any type of security issue with ISU owned devices or ISU faculty, student, or staff personal/private information.