How to Recognize Phishing

This article explains what phishing and spear phishing are, gives examples, and lists the actions to take when you receive a phishing email or text.

What is Phishing?

Phishing - the fraudulent practice of sending emails or texts purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.

Phishing emails and texts are usually sent to many individuals at the same time and are a shot in the dark by the malicious actor, who hopes that an individual falls for the scam and submits some sort of useful information. The malicious actor can then use that information either to gain access or to build a more convincing phishing campaign. In some cases, if the malicious actor gains enough information, they might move to a more complex attack such as Spear Phishing.

Spear Phishing - the fraudulent practice of sending emails or texts ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information.

Spear Phishing emails and texts are harder to recognize, so they present even more danger than usual. Receiving a spear phishing email means that a malicious actor is targeting you specifically or a group of related individuals. The malicious actor will use information that appears familiar to you against you. They will use real names that you recognize, replicate processes and requests, and even recreate whole websites to look just like what you are familiar with. They might pretend to be your colleague, friend, supervisor, or a vendor. This malicious actor has a predetermined goal, a plan to reach it, and enough data to attempt gaining your trust.

Recognizing Phishing

The following are some common signs of Phishing emails and texts that you might encounter:

  • Unknown or unlikely sender email or phone number.

  • Email address that is similar to the university email, but not quite right.

    • For example: @sacredheart.net, @shu.univeristy.net, @scaredhart.edu

  • Familiar phone number or even your own phone number.
  • Email address that is similar to a service you might use, but not quite right.

    • For example: @bankofmerica.com, @chase.bank.net, @audible.email.net

  • Email is sent from a public domain.

    • For example: @gmail.com, @yandex.ru, @aol.com

  • Grammatical and spelling errors.

  • "Dear ," or "Good day ," where your name is missing or is filled in with an incorrect name or username.

  • Demanding, urgent, and threatening tone implying something is going to happen if an action is not taken.

    • For example, phrasing like this could be used: "Open immediately", "Expiring today", "Urgent action required", "0 dollar balance reached", "Need your help", "Password expired", "Account deleted".

  • Hyperlinks that lead to something other than what they promise. You can check this by hovering your mouse over a link without clicking it. The linked address will show up as a flag next to your cursor or at the bottom left of the page. If it's supposed to be a link to your bank or university account, it shouldn't be a long unrecognizable link.

    • For example, you see a link "Change your password" on an email claiming your password is about to expire. You hover over the link to check if the link address leads to "https://ams.sacredheart.edu", but instead you see "http://sacredheart.password.net/redirect/get-password.html". You now know the link is leading to a malicious page trying to collect your SHU credentials and can report the email.

  • Attachments, especially unexpected attachments that the email asks you to open urgently.

    • Watch out for executable files (.exe), HTML files (.html), and PDFs (.pdf). Many malicious files can also disguise themselves as harmless and still carry malicious code within them.

    • Do not open unexpected attachments. Only open attachments when you expect to receive one from a person you have been in contact with and who informed you of the attachment being sent. Another member of the university could have been hacked, and their account could be used to gather data from yours. If you did not expect an attachment from a person, and it is not a part of your job to receive attached data from others, it is best to give the sender a call or contact them on another platform to ensure they meant to send you the attachment. Emailing the sender back to ask about the attachment is not the best way to confirm their intentions, since if the account is compromised, you would be responding to a hacker.

    • A malicious actor can use attachments to install a virus onto your computer, gather your data and credentials via a created back door, encrypt your device, or steal data and demand ransom.

    • A malicious attachment can come in various formats. Executables and applications are easier to spot, but even an Excel file, a PDF form, and other everyday files can carry malicious pieces of code with them, such as macros.

  • A malicious text or email might ask you to provide a one-time code that they have sent to your Microsoft Authenticator or texted to you.

    • Never provide the one-time codes to anyone. University IT will never ask you for your authentication codes. If you are receiving unexpected codes through text or call, or are receiving authentication requests through your Microsoft Authenticator, do not provide them or approve access. Report strange activity to the IT Service Desk for further investigation.
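
The lookalike-domain and link-hover checks from the list above can also be automated by a mail filter or a help desk triaging reports. The following is an added example, not part of the original article: it treats sacredheart.edu (taken from the article's own link example) as the only trusted domain, and the names TRUSTED, BRAND, classify_host and audit_links are assumptions made for illustration. For a sender address, pass the part after the "@" to classify_host.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"sacredheart.edu"}  # assumption: the only domain trusted here
BRAND = "sacredheart"          # assumption: the name an impostor imitates

def edit_distance(a, b):  # Levenshtein distance, catches near-miss spellings
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host):
    """Return 'trusted', 'lookalike' or 'external' for a host or mail domain."""
    host = (host or "").lower().rstrip(".")
    # Trust is decided by the END of the name, never by a substring match.
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return "trusted"
    # Brand name, or a close misspelling, as any label of an untrusted host.
    if any(edit_distance(label, BRAND) <= 3 for label in host.split(".")):
        return "lookalike"
    return "external"

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit_links(html):
    """Return (text, href, verdict) for each link in an HTML email body."""
    parser = LinkCollector()
    parser.feed(html)
    return [(t, h, classify_host(urlsplit(h).hostname)) for t, h in parser.links]

# Constructed sample: a link whose text hides the article's example URL.
SAMPLE = '<a href="http://sacredheart.password.net/redirect/get-password.html">Change your password</a>'
```

Calling audit_links(SAMPLE) reports the link as a lookalike because the registered domain is password.net, even though the university's name appears at the front of the hostname.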

Common Phishing Examples

Here are some common phishing scenarios:

  1. You receive an email or a text stating that you have 2 accounts and one of them will be deleted. To confirm your account, you have to fill out a form or text back a one-time code that you have received. What's really happening: a malicious actor has your password, but cannot get through your multifactor authentication (MFA).
  2. You receive an email with an attachment claiming to be your W-2 from your supervisor. What's really happening: a malicious actor gained access to your supervisor's email and is sending you a malicious file, intended to acquire your data or access.
  3. You receive an email claiming there is a job available doing data entry for 3 hours twice a week that will pay you $500 a week. What's really happening: a malicious actor is hoping to gain your personal information, such as full name, social security, full address, numbers and so on, that they can then use to scam you further or to sell your data to a 3rd party.

What to Do If You Were Phished

If you have received a phishing text or email:

  1. Have you clicked a malicious link, opened a malicious attachment, or sent back sensitive information? See this article regarding compromised accounts and devices.
  2. Have you received a phishing text or email but not interacted with it? For emails, report it in your Outlook using PhishNotify. For texts, block the number and do not interact.
    1. If you were asked for a one-time code or received a notification to approve access that you didn't initiate, change your password as soon as possible.

If you are unsure, please call IT Service Desk at 203-365-7575 or submit a self-service ticket through this portal.

Details

Article ID: 7182
Created: Fri 5/17/24 3:00 PM
Modified: Fri 5/17/24 3:10 PM