University Technology

Recent Phishing Email

February 16, 2017

Today, many members of Western Illinois University received a phishing email scam. The email in question looks like the one below (the malicious links and bogus email address have been redacted):

----------------------------

Hello,

Security situation had been reported on campus, we do advise you to follow guild lines as outlined below;

Open the hyperlink via secured HTML, ClickHere to view.


Thanks,
Kelly Bennett
Department of Safety and Security.

© 2017 Western Illinois University
1 University Cir,
Macomb, IL 61455
All rights reserved.

----------------------------

If you received this message:

  1. Report it as phishing within Gmail.
  2. Delete it.
  3. Do not reply to it.
  4. Do not click on any links within the email.

Please be aware of these Social Engineering and Phishing scams. They are not always just via email, but include telephone calls, use of social media, and other attack avenues.

Common signs of a phishing email

The phishing email has many giveaways that indicates it is not to be trusted, as does the website that the phishing email linked to:

  • Poor spelling and bad grammar. Cybercriminals are not known for their grammar and spelling. Professional companies or organizations usually have a staff of copy editors that will not allow a mass email like this to go out to its users. If you notice mistakes in an email, it might be a scam. For more information, see "Email and web scams: How to help protect yourself".
  • Beware of links in email. If you see a link in a suspicious email message, don't click on it. Rest your mouse (but don't click) on the link to see if the address matches the link that was typed in the message. Links might also lead you to .exe files. These kinds of file are known to spread malicious software.
  • Threats. Have you ever received a threat that your account would be closed if you didn't respond to an email message? The email message shown above is an example of the same trick. Cybercriminals often use threats that your security has been compromised. For more information, see "Watch out for fake alerts".
  • Spoofing popular websites or companies. Scam artists use graphics in email that appear to be connected to legitimate websites but actually take you to phony scam sites or legitimate-looking pop-up windows. For more information, see "Avoid scams that use the Microsoft name fraudulently". Cybercriminals also use web addresses that resemble the names of well-known companies but are slightly altered. For more information, see "Protect yourself from cybersquatting and fake web addresses".
 

Portions courtesy of the State of Illinois Chief Information Officer.