A Message from the Office of Information Security (OIS):
This February, OTS launched the phishing@towson.edu anti-phishing initiative. Since then, we have received over 3,200 suspected phishing emails resulting in the identification and prevention of more than 100 phishing campaigns. Through these submissions, OTS has also identified and remediated over 10 compromised Towson University NetIDs. Thank you to everyone who has sent potential phishing emails our way. Our ability to identify and prevent phishing from coming into your inbox relies on your reporting.
An example of a phishing email to beware of & report to OTS: (focus on the colored text)
From: “Nellhaus, Susan” <snellhaus@malden.mec.edu>
Date: May 13, 2014 at 10:26:43 AM EDT
To: “Nellhaus, Susan” <snellhaus@malden.mec.edu>
Subject: RE: MAILBOX EMERGENCY SECURITY ALERT !!!
Your account safety is our top priority.
Account Update/certification notice: Dear Outlook Account User,
This message is from Outlook user care messaging center, to all Outlook account owners. We are currently upgrading our data base servers, and e-mail account center. Recently, we have detected some unusual activity on your account and as a result, all email users are urged to update/certify their email account within 24 hours of receiving this e-mail, using the update link: ITS-SUPPORT to Certify and Confirm that your email access and that your account is up to date with the institution requirement.
Do not ignore this message to avoid termination of your web-mail account.
Our apologies for any inconvenience this may have caused, but your account safety and privacy is very important to us.
Thanks for your co-operation.
ITS help desk
ADMIN TEAM
©Copyright 2014 Microsoft, Inc.
All Rights Reserved
Why this is phishy:
- Someone from malden.mec.edu is contacting me about my Towson email.
- Spelling, grammar, & capitalization are off.
- “ITS” is not the name of Towson’s technology group.
- “RE:” is in the subject, yet you never emailed this person.
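The four indicators above can be approximated in code; the following is an added example, not part of the original message and not an OTS tool. Assumptions: `towson.edu` as the home domain (taken from the reporting address on this page), a missing `In-Reply-To`/`References` header as the stand-in for "you never emailed this person", and an uppercase ratio or "!!" as a rough proxy for odd capitalization. The sample message is constructed from the email quoted above.

```python
import re
from email import message_from_string
from email.utils import parseaddr

HOME_DOMAIN = "towson.edu"  # assumption: from the reporting address on this page
WRONG_IT_NAMES = ("ITS",)   # the page notes Towson's group is not called "ITS"

# Constructed sample: headers and a body excerpt from the message quoted above.
SAMPLE = '''From: "Nellhaus, Susan" <snellhaus@malden.mec.edu>
To: "Nellhaus, Susan" <snellhaus@malden.mec.edu>
Subject: RE: MAILBOX EMERGENCY SECURITY ALERT !!!

Dear Outlook Account User,
all email users are urged to update/certify their email account within 24 hours.
ITS help desk
'''

def phishing_indicators(raw, home_domain=HOME_DOMAIN):
    """Return the names of the indicators that fire for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    subject = msg.get("Subject", "")
    # This sketch only inspects single-part plain-text bodies.
    body = "" if msg.is_multipart() else msg.get_payload()
    hits = []

    # 1. Account notice about a home-domain mailbox sent from another organisation.
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain != home_domain and not domain.endswith("." + home_domain):
        hits.append("external_sender")

    # 2. Rough proxy for "capitalization is off": shouting subject or "!!".
    letters = [c for c in subject if c.isalpha()]
    if "!!" in subject or (letters and sum(c.isupper() for c in letters) / len(letters) > 0.8):
        hits.append("shouting_subject")

    # 3. Signed with a help-desk name the institution does not use (case-sensitive).
    if any(re.search(rf"\b{re.escape(n)}\b", body) for n in WRONG_IT_NAMES):
        hits.append("wrong_it_name")

    # 4. "RE:" subject with no In-Reply-To/References header, so no thread exists.
    if re.match(r"\s*re:", subject, re.I) and not (msg["In-Reply-To"] or msg["References"]):
        hits.append("fake_reply")

    return hits

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE))
```

No single indicator is conclusive (ordinary external mail trips the first check), so treat the result as a score for triage rather than a verdict.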
What is phishing?
Phishing is the most common form of cyber-attack: an email scam in which the sender attempts to obtain personal information (typically your username and password) which can be used to access your email, spread other phishing messages or steal your identity. The most common types of phishing are attacks in which scammers pretend to have a fortune that they can only access with your help, and personalized attacks that entice you to divulge sensitive information (like a Social Security number) or download a malicious file.
How to prevent phishing
TU regularly blocks phishing emails, but some may still get through to your inbox. Here are some easy tips to protect yourself:
- Don’t send your personal information via email. Legitimate businesses — including Towson University — will never ask users to send sensitive personal information through email.
- For secure transactions made via a website, look for a lock icon next to the URL in the address bar. This indicates that the website is using https, an encrypted protocol, to send your sensitive information, so that scammers cannot intercept it in transit. The lock says nothing about who runs the site, so also check that the domain name is the one you expect.
- Be wary of attachments. Never open an attachment from someone you don’t know, and be especially wary of .exe files (which run commands on your computer) and .zip files (which contain a package of files).
If you think you’ve received a phishing email, do NOT respond to the email. Forward it to phishing@towson.edu.