Phishing Alert: Spear phishing email sent to Auburn University
March 04, 2014 @ 07:47 am
A spear phishing message was sent out to the Auburn University community this morning. To learn about phishing, visit http://www.auburn.edu/phishing.
Here's a screen shot of the latest email. Can you spot the signs of a phishing attempt?
- Return Address: The email identifies itself as "Auburn University" but the actual return address is "firstname.lastname@example.org". Note: "David" probably did not send this message; this address is being spoofed.
- Generic Greeting: "Dear User"
- Urgent/Threatening Language: "Your account has been flagged"
- Poor Grammar/Spelling: Read that subject line and the second sentence again.
- URLs Don't Match: The link says it is "www.auburn.edu", but if you hover your cursor over the link you will see the true destination: "http://www.leasehunters.ca/wp-includes/js/jquery/auburn.edu.htm", which is not an Auburn University page. Note that the real Auburn name has been placed in the file name at the end of the path to make the address look familiar; the only part that matters is the host name, "www.leasehunters.ca".
- Avoid the Obvious: "Maintenance Department" doesn't apply in this instance.
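The "URLs Don't Match" sign above (and the "Bad URL" sign on the landing page below) can be checked mechanically: compare the domain a link displays with the domain its href actually points to. The following script is an added example, not part of the original alert or of any Auburn University tool. It parses a constructed HTML message body modelled on the one described above (the link text and destination URL are those quoted in this alert; the surrounding sentences are made up for the example) and reports every link whose visible text claims one site while the href goes somewhere else. The two-label "registrable domain" approximation is a simplifying assumption; a public-suffix-aware library is needed to handle suffixes such as co.uk correctly.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Link text that "looks like" a web address, e.g. "www.auburn.edu" or
# "http://www.auburn.edu/login". Plain text such as "click here" makes no
# claim about a destination, so it is not compared.
DISPLAYED_URL = re.compile(
    r"^(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:[/?#].*)?$", re.I
)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host):
    """Approximate the registrable domain as the last two labels.

    Assumption for this example: 'www.auburn.edu' -> 'auburn.edu' and
    'auburn.edu.evil.com' -> 'evil.com'. Real code should consult the
    Public Suffix List so that e.g. 'bank.co.uk' is not reduced to 'co.uk'.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def find_mismatched_links(html):
    """Return links whose displayed domain differs from the href's domain."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        match = DISPLAYED_URL.match(text)
        if not match:
            continue  # no displayed address to compare against
        shown_host = match.group(1)
        target = href if "://" in href else "http://" + href
        actual_host = urlparse(target).hostname or ""
        if registrable(shown_host) != registrable(actual_host):
            findings.append({
                "text": text,
                "href": href,
                "shown_host": shown_host,
                "actual_host": actual_host,
            })
    return findings


# Constructed message body modelled on the phishing email in this alert.
SAMPLE_EMAIL = """<p>Dear User,</p>
<p>Your account has been flagged. Please verify it at
<a href="http://www.leasehunters.ca/wp-includes/js/jquery/auburn.edu.htm">www.auburn.edu</a></p>
<p>Questions? Visit <a href="https://www.auburn.edu/phishing">http://www.auburn.edu/phishing</a>
or <a href="http://www.leasehunters.ca/x">click here</a>.</p>"""


if __name__ == "__main__":
    for f in find_mismatched_links(SAMPLE_EMAIL):
        print(f"SUSPICIOUS: text '{f['text']}' claims {f['shown_host']} "
              f"but goes to {f['actual_host']} ({f['href']})")
```

Run against the constructed sample, the script flags only the first link: its text claims www.auburn.edu while the href host is www.leasehunters.ca. The second link's text and destination agree, and the third ("click here") displays no address, so there is nothing to compare; a mail filter would still want to look at that one by other means.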
You shouldn't have clicked the link, but if you had, it would have taken you to the following page. This is a clear example of "Spear Phishing": the only individuals being targeted are Auburn University affiliates. Notice the phishing signs?
- Page is Not Secure: Look out! Never log into a website that does not have a proper security certificate. Look for the Lock icon in the address bar (usually it should be green). Keep in mind that the lock only tells you the connection is encrypted, not that the site is genuine; a phishing site can have a certificate too, so the lock is a necessary check, not a sufficient one.
- Bad URL: Look at that URL. That's not an Auburn website!
Did You Fall for It?
- Immediately change the password to the online account the phishing email was pretending to be from and to any other accounts that used the same login information.
- Contact the OIT HelpDesk at (334) 844-4944 or email@example.com.
- Run a virus scan of your system using your anti-virus software.
- If you believe you may be the victim of identity theft, visit the Federal Trade Commission's identity theft site.
- Forward the phishing email "as an attachment" to firstname.lastname@example.org and then DELETE the message from your Inbox.
- Regularly check your banking and credit card accounts for any unauthorized transactions that may have been initiated by the phishers.
- DO NOT reply to an email with any personal information or passwords. If you have reason to believe that the request is real, call the institution or company directly, using a phone number you already have or look up yourself, not one given in the message.
- DO NOT click a link in an unsolicited email message. If you have reason to believe the request is real, type the web address for the company or institution directly into your web browser.
- DO NOT use the same password for your University account, bank, Facebook, etc. In the event you do fall victim to a phishing attempt, the thieves will try the compromised password in as many places as they can.
- DO change ALL of your passwords if you suspect any account you have access to may be compromised.
- DO be equally cautious when reading email on your phone. It may be easier to miss telltale signs of phishing attempts when reading the email on a smaller screen.
Last Updated: July 1, 2014