Information Security
Email Phishing
phishing@nau.edu | (928) 523-3335
Reporting a Phish
If you caught a phish, or think you’ve caught a phish, you can report it through:
Built-In Reporting
- For anyone with an NAU email through Outlook or Gmail, the built-in Reporting option is preferred. It is available for on most devices and ways of accessing your email, though it is currently not available for Gmail Mobile.
Forwarding
- If the built-in reporting option is not available, forwarding the email to phishing@nau.edu is always an option. You don’t need to provide screen shots, attachments, or headers like we used to ask you for. Just hit forward and drop phishing@nau.edu in the “To:” box. We’ll take it from there.
Want further details on how to report for your client? Check out our Knowledge Base Article on reporting a phish.
General Phishing
What is phishing? Accordion Closed
Phishing is the process of a malicious entity attempting to acquire sensitive information such as usernames, passwords, and financial details by masquerading as a trustworthy source in an email or other electronic communication in order to steal your data, access University systems, or install malware.
How do I know I’ve received a phish? Accordion Closed
Many phishing attempts will request that you take action by clicking a link or performing a strange action, such as sending a gift card or personal financial details. However, in today’s day and age, phishing has gotten more advanced; they are no longer easy to spot and comical in demands…your Nigerian Prince is not going to send you money. Modern phishing attempts are well executed and getting harder and harder to spot.
This is to say, you may not know. If you are ever unsure, you can have us check for unusual behavior on the email by reporting.
I think I clicked on something I shouldn’t have, now what? Accordion Closed
First, don’t panic. Many times, quick reporting can help mitigate the negative impacts of the accidental click. Then:
- Close the browser
- Report it.
- Change your password if you shared it.
- If you are receiving an unsolicited Two-Step Verification push notification, contact the ITS Service Desk for assistance in recovering your account.
- If you notice any unusual downloads or unexpected behaviors on an NAU supported devices, contact the ITS Service Desk to have it evaluated.
I accidentally reported an email what do I do? Accordion Closed
If you have accidentally reported an email just send a message phishing@nau.edu and let us know which one it was. We can return it to you.
A common cause of accidental reports is the fact that the “Archive” button and the “Report” button are side by side. If you frequently use the “Archive” button you may prefer to move it to another location in your ribbon. You can follow the instructions provided by Microsoft.
What could happen if you fall for a phish? Accordion Closed
If you click on a phishing link, or open a malicious attachment, several things can happen:
Your personal information may be stolen. Phishing attacks often involve tricking people into entering their personal information, such as login credentials, DUO authentication codes, credit card numbers, etc. into a fake website. If you happen to provide this information to the bad actors, it can be used to steal your identity, commit fraud, or other malicious purposes.
- Malware can be installed on to your device. Phishing emails may contain links or attachments that, when clicked, can download malware onto your device which can take control of your device, spy on you, steal your work or personal information, or use your device to continue spreading the attack.
- Your accounts can be compromised. If you enter your login credentials or DUO authentication codes on to a fake website, the bad actors can use that information to log into your actual accounts and take them over, which can lead to theft of your work or personal information and even cause financial loss.
- Your device can be locked or encrypted. Some phishing attacks involve ransomware, which can lock or encrypt your data or data you have access to and demand a payment to unlock the data or prevent publicly disclosing the data.
Clicking on a phishing link or opening a malicious attachment can have serious consequences for you, your department, and NAU. It is important to always be cautious and verify the authenticity of emails and links before clicking on anything.
Common phishing signs Accordion Closed
- The message is poorly written; it may contain strange grammar and spelling.
- Requests that you provide personal information such as your NAU password, credit cards, bank accounts, phone numbers, addresses, etc.
- The email contains a strange attachment you weren’t expecting.
- Attempts to scare the recipient by creating a sense of urgency by threatening to close accounts, overdraw funds, etc.
- Offers for jobs, awards, or other incentives that are too good to be true.
- The ‘from’ address doesn’t seem correct, or does not match the domain of where the message was sent.
- Requests for money or donations.
*It’s important to note that even if an email doesn’t contain these indicators, it may still be a phish!
Real Examples of Phishing at NAU
Example of a fake CAS login page Accordion Closed
This login page looks authentic, but is actually identifiable as fraudulent upon closer inspection. The end of the domain address (everything before the ‘slash’, or ‘/’) ends in ‘.com’ instead of ‘nau.edu’. If a user is in a hurry or careless, they can see the ‘nau.edu’ and overlook this. This is a cheap trick used by cyber-criminals, but is still very effective for an inattentive user to fall for.
Always check the URL of any site that you intend to enter your NAU credentials in. The best cybersecurity defense is your own perception.
Example of a fake DUO page Accordion Closed
Using what was shown in the previous example, we can see that this DUO prompt is fraudulent based off the domain URL, which ends in ‘.com’ instead of ‘nau.edu’. Again, the attackers attempt to catch users off-guard by including ‘nau.edu’ after the slash.
NAU Users should also be able to recognize that this isn’t what our NAU DUO page currently looks like. This is an outdated DUO page, with only one option for authentication. NAU also does not provide a ‘remember me for 90 days’ option.
If an NAU user were to enter their user ID and password, followed by their DUO one-time password; they would be granting a cyber-criminal full access to their financial account, direct deposit, social security, tax information, addresses, and more.
Report Phishing
What should I do if I receive a phishing scam? Accordion Closed
If you receive a phishing scam, don’t respond to it, click on links, or open attached files. Easily report a phish by using one of the two following options:
- From an Outlook client or Outlook on the web select the suspected phishing email and Click Report and then Report Phishing. This option automatically reports the phishing email to our security team and remove the phishing from your inbox.
- If you are not using Outlook or do not have the report phishing option in your client, please forward the original suspected phishing to Phishing@nau.edu. After you’ve reported the email, please delete it from your inbox.
If you believe your NAU account was compromised, immediately change your password, and contact the ITS Service Desk.
How do I report? Accordion Closed
Your reporting options depend on what you are using:
- From an Outlook client or Outlook on the web select the suspected phishing email and Click Report and then Report Phishing. This option automatically reports the phishing email to our security team and remove the phishing from your inbox.
- If you are not using Outlook or do not have the report phishing option in your client, please forward the original suspected phishing to Phishing@nau.edu. After you’ve reported the email, please delete it from your inbox.
We are no longer requesting headers or asking University Community Members to use our retired Report a Phish application.
Is it safe to forward the phish? Accordion Closed
Yes, if you forward it to phishing@nau.edu. This mailbox is specifically setup to allow NAU’s security team to safely examine and evaluate suspicious emails.
What if I’m wrong? Accordion Closed
After reviewing the reported email, we’ll let you know if we do not evaluate the email to be an active threat and thank you for your report. It is far easier to proactively check an email for suspicious behavior, than it is to clean up accounts and devices after a University Community Member clicked on a bad link.
Why should I report? Accordion Closed
If you were walking down the hallway and saw a potential tripping hazard or spill that you couldn’t clean up yourself, you would call it in. Facility Services would then come out and make that spot in our University safe again.
Reporting potential email hazards, phishing, enables our Security Operations Team to clean up that spot in our University systems.
By reporting phishing emails you make NAU safer for all of our Community Members.
If you have any other questions, comments, or feedback you can reach us by opening a ServiceNow Ticket.