Difference between revisions of "Phishing"

From The University of Akron Support Wiki
Jump to: navigation, search
 
(5 intermediate revisions by the same user not shown)
Line 1: Line 1:
{{Redbox|<b>Attention!</b>|<b>The University of Akron will never e-mail you and ask you to disclose or verify your UA password.</b><br> If you receive a suspicious e-mail with a link to update your account information, do not click on the link! Instead, report the e-mail to The University of Akron for investigation. Contact information for ZipSupport can be found [[contact_us|here]].
+
{{Redbox|<b>Attention!</b>|<b>The University of Akron will never e-mail you and ask you to disclose or verify your UA password.</b><br> If you receive a suspicious e-mail with a link to update your account information, do not click on the link! Instead, report the e-mail to The University of Akron for investigation. Contact information for the Help Desk can be found [[contact_us|here]].
 
}}<br>
 
}}<br>
{{Bluebox|Notice|Passwords expire every 180 days.  You can reset the password yourself at https://auth.uakron.edu or by contacting the [[Contact_us|IT Help Desk]].}}<br>
+
{{Bluebox|Notice|Passwords expire every 180 days.  You can reset the password yourself by following the [[Password]] guide or by contacting the [[Contact_us|Help Desk]].}}<br>
  
 
==What is Phishing==
 
==What is Phishing==
Line 22: Line 22:
  
 
==Responding to a compromised account==
 
==Responding to a compromised account==
If you discover that your account is compromised for any reason including responding to a phishing email, it is important to inform your system administrator or computing support desk as soon as possible. Every second that your account is compromised is another second that your online presence is out of your control. Examples of what hackers will do with your personal information include everything from sending an email to everyone in your address book, an attempt obtain additional identities, to opening lines of credit, and selling your personal information to other hackers.  
+
If you discover that your account is compromised for any reason including responding to a phishing email, it is important to inform your system administrator or the [[Contact us|Help Desk]] as soon as possible. Every second that your account is compromised is another second that your online presence is out of your control. Examples of what hackers will do with your personal information include everything from sending an email to everyone in your address book, an attempt obtain additional identities, to opening lines of credit, and selling your personal information to other hackers.  
 
Generally, the system administrator will not punish you for reporting that your account is compromised. However, you can be held legally accountable for any actions taken by the hacker.
 
Generally, the system administrator will not punish you for reporting that your account is compromised. However, you can be held legally accountable for any actions taken by the hacker.
  
Line 35: Line 35:
 
#<b> The password must be changed and previous password cannot be reused!</b>
 
#<b> The password must be changed and previous password cannot be reused!</b>
  
If you need assistance with any of these points please contact or visit the [[Contact_us|IT Help Desk]].  
+
If you need assistance with any of these points please contact or visit the [[Contact_us|Help Desk]].  
  
Once you have understood these points, contact the [[Contact_us|IT Help Desk]] to have your account reactivated.  
+
Once you have understood these points, contact the [[Contact_us|Help Desk]] to have your account reactivated.  
  
  
Line 100: Line 100:
 
   
 
   
 
[[category:accounts]]
 
[[category:accounts]]
 +
[[Category:Security]]

Latest revision as of 17:00, 24 March 2020

Exclaim.png Attention!
The University of Akron will never e-mail you and ask you to disclose or verify your UA password.
If you receive a suspicious e-mail with a link to update your account information, do not click on the link! Instead, report the e-mail to The University of Akron for investigation. Contact information for the Help Desk can be found here.

Notice.png Notice
Passwords expire every 180 days. You can reset the password yourself by following the Password guide or by contacting the Help Desk.

What is Phishing

From Wikipedia, the free encyclopedia:

In computing, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as user names, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from PayPal, eBay, Youtube or online banks are commonly used to lure the unsuspecting. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a website. Phishing is an example of social engineering techniques used to fool users.

How to report a Phishing Email

If you are using the Outlook client, you can submit emails like this using the report message tool. If you are using Outlook WebApp: Click the email then click on Junk and it will give you an option to report the email as Phishing/Junk or just block it.

Outlook Desktop Client
Report Phish Client.png

Outlook.com
Report Phish WebClient.png


If you are using Linux or third party email application you can send the email as an attachment to the following email addresses: phish@office365.microsoft.com

Notice.png Notice
You need to attach the email that you are reporting to a new email. Please leave the body of the email blank.

Responding to a compromised account

If you discover that your account is compromised for any reason including responding to a phishing email, it is important to inform your system administrator or the Help Desk as soon as possible. Every second that your account is compromised is another second that your online presence is out of your control. Examples of what hackers will do with your personal information include everything from sending an email to everyone in your address book, an attempt obtain additional identities, to opening lines of credit, and selling your personal information to other hackers. Generally, the system administrator will not punish you for reporting that your account is compromised. However, you can be held legally accountable for any actions taken by the hacker.

If your account has been deactivated due to Phishing

You must understand the following:

  1. How to recognize phishing attacks
    • The phishing email will usually ask for a username and a password
    • The grammar and spelling of the message is often poor
    • The return address is from some "web-administrator" or "email-administrator" address
  2. Settings of the email account must be carefully reviewed, including signature, name, and reply-to address.
  3. The password must be changed and previous password cannot be reused!

If you need assistance with any of these points please contact or visit the Help Desk.

Once you have understood these points, contact the Help Desk to have your account reactivated.


Failure to follow any of these items may lead to their account being locked again.

Phishing targeting UA

Fraudulent Example

Verify Your Uakron Account Now

Dear Uakron Account Owner,

This message is from Uakron messaging center to all Uakron email account

owners. We are currently upgrading our data base and e-mail account

center. We are deleting all Uakron email account to create more space for

new accounts.

To prevent your account from closing you will have to update it below so

that we will know that it's a present used account.

***********************************************************

CONFIRM YOUR EMAIL IDENTITY BELOW

Email Username : ......... .....

EMAIL Password : ...............

Date of Birth : ................

Country or Territory : .........

***********************************************************


Warning!!! Account owner that refuses to update his or her account within

Seven days of receiving this warning will lose his or her account

permanently.


Thank you for using Uakron!

Warning Code:VX2G99AAJ


Thanks,

Uakron Team

Uakron.edu BETA

Additional Information

Additional information regarding a compromised Google Apps account can be found at : http://www.google.com/support/a/bin/answer.py?answer=134413.