Phishing Points to Keep in Mind
Unfortunately, phishing scams are a fact of life in our connected world and recognizing malicious emails can be difficult. Below is an analysis of the email that will help you determine phishing emails in the future:
There is little risk in opening and reading email. However, opening attachments or clicking on links can be dangerous. If an email seems strange or suspicious, simply delete it. If you are not sure if an email is an attack, forward it to the Boise State Help Desk at firstname.lastname@example.org.
1. Notice how the bogus email has been spoofed using a compromised user account and does not truly originate from the boisestate.edu account. This was a clever disguise as it appears to come from a boisestate.edu account. This is becoming a popular technique among cyber-criminals as not all browsers and mobile devices show the full “From” line. If you have any suspicions about a boisestate.edu account please contact the Help Desk directly at 426.HELP (426.4357).
2. Be aware of logos used in emails or websites that look official. It is easy for Phishers to create emails and websites that look like the genuine article, complete with the logos and other graphics of trusted websites.
3. This email was extremely generic in nature and designed to work against all Boise State users. Be suspicious of emails that use generic salutation or none at all, as in this case.
4. Be careful with email attachments! Avoiding opening unverified emails, attachments, and links embedded in them. Ransomware is on the rise. In 2016 alone, an average of 10 new ransomware families were released per month. 76% of ransomware is spread through spam. By just clicking you can unknowingly allow the malware to encrypt your files. Always hover your mouse over a link prior to clicking so you can see the actual website destination. Never enter your credentials through a link in an email. If the website destination looks correct, open up a new window and type in the website address directly.
- Note: The Office of Information Technology will never ask to disclose your user name and password in an email.