Report a Phish
If you caught a phish, or think you’ve caught a phish, report it by forwarding it to firstname.lastname@example.org. After you report the suspect email, please delete it while we investigate and remediate malicious emails.
Have questions? Concerns? Feedback? Keep reading for more information.
What is phishing?
Phishing is an attempt by a malicious party to acquire sensitive information such as usernames, passwords, and financial details by masquerading as a trustworthy source in an email or other electronic communication, in order to steal your data, access University systems, or install malware.
How do I know I’ve received a phish?
Many phishing attempts ask you to take an action, such as clicking a link, sending a gift card, or providing personal financial details. Phishing has become more advanced, however; messages are no longer easy to spot or comical in their demands, and your Nigerian Prince is not going to send you money. Modern phishing attempts are well executed and getting harder and harder to recognize.
In short, you may not be able to tell. If you are ever unsure, report the email and we will check it for unusual behavior.
I think I clicked on something I shouldn’t have, now what?
First, don’t panic. Many times, quick reporting can help mitigate the negative impacts of the accidental click. Then:
- Close the browser.
- Report it.
- Change your password if you shared it.
- If you receive an unsolicited Two-Step Verification push notification, contact the ITS Service Desk for assistance in recovering your account.
- If you notice any unusual downloads or unexpected behavior on an NAU-supported device, contact the ITS Service Desk to have it evaluated.
What could happen if you fall for a phish?
If you click on a phishing link, or open a malicious attachment, several things can happen:
- Your personal information may be stolen. Phishing attacks often trick people into entering personal information, such as login credentials, DUO authentication codes, or credit card numbers, into a fake website. If you provide this information to the bad actors, it can be used to steal your identity, commit fraud, or serve other malicious purposes.
- Malware can be installed onto your device. Phishing emails may contain links or attachments that, when clicked, download malware onto your device. That malware can take control of your device, spy on you, steal your work or personal information, or use your device to continue spreading the attack.
- Your accounts can be compromised. If you enter your login credentials or DUO authentication codes into a fake website, the bad actors can use that information to log into your actual accounts and take them over, which can lead to theft of your work or personal information and even financial loss.
- Your device can be locked or encrypted. Some phishing attacks involve ransomware, which can lock or encrypt your data, or data you have access to, and demand a payment to unlock the data or to prevent its public disclosure.
Clicking on a phishing link or opening a malicious attachment can have serious consequences for you, your department, and NAU. It is important to always be cautious and verify the authenticity of emails and links before clicking on anything.
Common phishing signs
- The message is poorly written; it may contain strange grammar and spelling.
- Requests that you provide personal information such as your NAU password, credit cards, bank accounts, phone numbers, addresses, etc.
- The email contains a strange attachment you weren’t expecting.
- Attempts to scare the recipient by creating a sense of urgency by threatening to close accounts, overdraw funds, etc.
- Offers for jobs, awards, or other incentives that are too good to be true.
- The ‘from’ address doesn’t seem correct, or does not match the domain the message claims to come from.
- Requests for money or donations.
*It’s important to note that even if an email doesn’t contain these indicators, it may still be a phish!
Real Examples of Phishing at NAU
Example of a fake CAS login page
This login page looks authentic, but on closer inspection it is identifiable as fraudulent. The domain portion of the address (everything before the first ‘slash’, or ‘/’) ends in ‘.com’ instead of ‘nau.edu’. A user who is in a hurry or not paying attention can see ‘nau.edu’ elsewhere in the address and overlook this. It is a cheap trick used by cyber-criminals, but it is still very effective against an inattentive user.
Always check the URL of any site into which you intend to enter your NAU credentials. The best cybersecurity defense is your own perception.
Example of a fake DUO page
Using what was shown in the previous example, we can see that this DUO prompt is fraudulent based on the domain in the URL, which ends in ‘.com’ instead of ‘nau.edu’. Again, the attackers attempt to catch users off guard by including ‘nau.edu’ after the slash.
NAU users should also be able to recognize that this isn’t what our NAU DUO page currently looks like. This is an outdated DUO page, with only one option for authentication. NAU also does not provide a ‘remember me for 90 days’ option.
If an NAU user were to enter their user ID and password, followed by their DUO one-time password, they would be granting a cyber-criminal full access to their financial account, direct deposit, social security, tax information, addresses, and more.
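The two examples above come down to one check: the part of the address before the first ‘/’ (the host) must end in nau.edu, regardless of where else ‘nau.edu’ appears. The following script is an added illustration of that check and is not code from NAU or from this page. It uses Python’s standard urllib to pull the host out of an address and then explains why a lookalike address fails. The sample URLs are constructed for the example; only the trusted domain nau.edu is taken from the page, and example.com stands in for an attacker-controlled domain.

```python
from urllib.parse import urlsplit

# Legitimate institution domain named on the page. A host is first-party only
# if it is exactly this name or a subdomain of it (e.g. cas.nau.edu).
TRUSTED_DOMAIN = "nau.edu"


def host_of(url: str) -> str:
    """Return the lowercase host of a URL with any userinfo and port removed.

    urlsplit().hostname already drops 'user@' and ':port', leaving exactly
    the part of the address the page tells readers to inspect: the text
    between '://' and the first '/'.
    """
    if "://" not in url:
        url = "https://" + url  # a bare 'host/path' pasted without a scheme
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def is_trusted_host(host: str, trusted: str = TRUSTED_DOMAIN) -> bool:
    """True only if the host ends with the trusted domain on a label boundary.

    'nau.edu.example.com' fails (nau.edu is an inner label of example.com),
    and so does 'fakenau.edu' (no dot before 'nau.edu').
    """
    return host == trusted or host.endswith("." + trusted)


def assess(url: str, trusted: str = TRUSTED_DOMAIN) -> dict:
    """Classify a URL and list the reasons a lookalike address is not first-party."""
    parts = urlsplit(url if "://" in url else "https://" + url)
    host = host_of(url)
    reasons = []
    if not is_trusted_host(host, trusted):
        if trusted in host:
            reasons.append("trusted name appears inside the host, but the host does not end with it")
        if trusted in parts.path or trusted in parts.query:
            reasons.append("trusted name appears only after the first '/'")
        if parts.username and trusted in parts.username:
            reasons.append("trusted name appears before '@' (userinfo), not as the host")
        if not reasons:
            reasons.append("host is not under the trusted domain")
    return {"url": url, "host": host, "trusted": not reasons, "reasons": reasons}


# Constructed sample addresses: one genuine-looking first-party URL and three
# lookalikes of the kind described on the page (example.com is a placeholder).
SAMPLES = [
    "https://cas.nau.edu/cas/login",
    "https://login.nau.edu.example.com/nau.edu/cas/login",
    "https://example.com/nau.edu/duo/",
    "https://nau.edu@example.com/cas/login",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        result = assess(sample)
        verdict = "first-party" if result["trusted"] else "NOT first-party"
        print(f"{result['host']:<35} {verdict}: {sample}")
        for reason in result["reasons"]:
            print(f"    - {reason}")
```

The check deliberately looks only at the host and only at whole labels: a substring search for ‘nau.edu’ anywhere in the address would pass every one of the lookalikes, which is exactly the mistake the page warns about.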
What should I do if I receive a phishing scam?
How do I report?
While you are viewing the suspicious email, forward it to email@example.com. If the email had attachments, make sure they remain attached.
We are no longer requesting headers or asking University Community Members to use our retired Report a Phish application.
Is it safe to forward the phish?
Yes, if you forward it to firstname.lastname@example.org. This mailbox is specifically set up to allow NAU’s security team to safely examine and evaluate suspicious emails.
What if I’m wrong?
After reviewing the reported email, we’ll let you know if we determine it is not an active threat, and thank you for your report. It is far easier to proactively check an email for suspicious behavior than it is to clean up accounts and devices after a University Community Member has clicked on a bad link.
Why should I report?
If you were walking down the hallway and saw a potential tripping hazard or spill that you couldn’t clean up yourself, you would call it in. Facility Services would then come out and make that spot in our University safe again.
Reporting potential email hazards such as phishing enables our Security Operations Team to clean up that spot in our University systems.
By reporting phishing emails you make NAU safer for all of our Community Members.
If you have any other questions, comments, or feedback you can reach us by opening a ServiceNow Ticket.