PULLMAN, Wash. – Washington State University is often the subject of targeted phishing attempts (also known as “spear-phishing”) in which an email claims to be from a group or person at WSU or claims to be specifically related to university business. Some of the recent attempts claim that your email inbox is full or that you need to reset an email account password, but various other models are seen from time to time as well. These are fraudulent emails and should be deleted. Do not click on the links!
How to spot a phishing email
Phishing is the act of attempting to trick you into taking action by masquerading as a trustworthy entity in an electronic communication. The actions advocated in these fraudulent emails could include providing information such as user names, passwords and/or credit card details, installing a piece of software or clicking on a link to a Web page.
Review and compare the “from” address on emails you find questionable. Do you recognize it and does it match the company or entity referenced in the body of the email? Were you expecting that email from that particular sender? If not, be suspicious.
Is there a link/URL embedded within the email asking you to click on it? Be wary; it will probably ask you for your login and password or it may download malware onto your computer. When in doubt, a quick response to the message via phone or text could validate it as legitimate or not. It isn’t recommended to reply to the email as you can’t be certain who is on the receiving end.
Phishers are getting very tricky mimicking official organizations; be cautious of any email asking you to click on a link or supply your login and password. Phishers are just the digital version of the confidence men, a.k.a. con men that have been around for centuries. They attempt to gain enough “confidence” through crafty emails to get you to do what they want – in this case so they can gain access to your secure information.
Here’s what to do
If you do not reply to the email, open its attachments or click its links, then you are fine; there’s nothing more you need to do. Just delete the email.
However, if you responded to a phishing email and entered your Access ID or Network ID and password or any other personal information, the phishers will have collected that information. If you clicked on the link or opened the attachment, you may have inadvertently installed some malware on your system. The WSU IS Security Office recommends that you immediately change your password and contact the IS Help Desk at 509-335-4357 or email@example.com.
The IS Security Office recommends that you never respond to requests for personal information that may be contained in suspicious emails, voice messages or text messages. It is best to assume any solicitation of personal information employing fraudulent methods is not authentic.
For further assistance, please contact your departmental information technology support staff or the IS Help Desk at 509-335-4357 or firstname.lastname@example.org.