|From: Beth Ward <Beth.Ward@steward.org>
Date: August 24, 2017 at 12:42:01 PM MDT
To: “email@example.com” <firstname.lastname@example.org>
Subject: FW: Help Desk
CLICK HERE TO UPGRADE YOUR BOISE STATE UNIVERSITY MAIL BOX STORAGE LIMIT TO AVOID DEACTIVATION IN 8 HOURS
Phishing Points to Keep in Mind
Unfortunately, phishing scams are a fact of life in our connected world and recognizing malicious emails can be difficult. Below is an analysis of the email that will help you determine phishing emails in the future:
There is little risk in opening and reading email. However, opening attachments or clicking on links can be dangerous. If an email seems strange or suspicious, simply delete it. If you are not sure if an email is an attack, forward it to the Boise State Help Desk at email@example.com.
1. Notice how the email is using a compromised account <Beth.Ward@steward.org> this address is not in any way part of Boise State University.
2. Always check the “To” field. Does the email have your address in the field or something else? In the case with this email the “To” field has firstname.lastname@example.org – a red flag indicator that it is a phish.
2. Be suspicious of any email that requires “immediate action” or creates a sense of urgency. This is a common technique to rush people into making a mistake. This email tricks users into thinking that there is something wrong with their email and that it needs to be upgraded. Keep in mind what the email is stating or asking. Does it make sense? Does it sound suspicious? Chances are if it sounds suspicious then it’s a phishing email. If an email requires you to act immediately or requests personal information including credentials, then call the email source or colleague to confirm the authenticity of the request prior to releasing any information. If you have any suspicions about an email please contact the Help Desk directly at 426.HELP (426.4357).
3. Be careful with email links. Always hover your mouse over the link prior to clicking so you can see the actual website destination. Never enter your credentials through a link in an email. If the website destination looks correct, open up a new window and type in the website address directly. Be aware of where a link is taking you. As you can see by hovering over the link with your mouse that the website destination is “office1000weebly.com”. This is in no way connected to your access with your Boise State email account.
- Note: The Office of Information Technology will never ask to disclose your user name and password in an email.