Email Phishing

Phishing is the process of a malicious entity attempting to acquire sensitive information such as usernames, passwords, and financial details by masquerading as a trustworthy source in an email or other electronic communication in order to steal your data, access University systems, or install malware.

Many phishing attempts will request that you take action by clicking a link or performing a strange action, such as sending a gift card or personal financial details. However, in today’s day and age, phishing has gotten more advanced; they are no longer easy to spot and comical in demands…your Nigerian Prince is not going to send you money.  Modern phishing attempts are well executed and getting harder and harder to spot.

This is to say, you may not know. If you are ever unsure, you can have us check for unusual behavior on the email by reporting.

First, don’t panic. Many times, quick reporting can help mitigate the negative impacts of the accidental click. Then:

• Close the browser
• Report it.
• Change your password if you shared it.
• If you are receiving an unsolicited Two-Step Verification push notification, contact the ITS Service Desk for assistance in recovering your account.
• If you notice any unusual downloads or unexpected behaviors on an NAU supported devices, contact the ITS Service Desk to have it evaluated.

If you click on a phishing link, or open a malicious attachment, several things can happen:

Your personal information may be stolen.  Phishing attacks often involve tricking people into entering their personal information, such as login credentials, DUO authentication codes, credit card numbers, etc. into a fake website.  If you happen to provide this information to the bad actors, it can be used to steal your identity, commit fraud, or other malicious purposes.

• Malware can be installed on to your device.  Phishing emails may contain links or attachments that, when clicked, can download malware onto your device which can take control of your device, spy on you, steal your work or personal information, or use your device to continue spreading the attack.
• Your accounts can be compromised.  If you enter your login credentials or DUO authentication codes on to a fake website, the bad actors can use that information to log into your actual accounts and take them over, which can lead to theft of your work or personal information and even cause financial loss.
• Your device can be locked or encrypted.  Some phishing attacks involve ransomware, which can lock or encrypt your data or data you have access to and demand a payment to unlock the data or prevent publicly disclosing the data.

Clicking on a phishing link or opening a malicious attachment can have serious consequences for you, your department, and NAU.  It is important to always be cautious and verify the authenticity of emails and links before clicking on anything.

• The message is poorly written; it may contain strange grammar and spelling.
• Requests that you provide personal information such as your NAU password, credit cards, bank accounts, phone numbers, addresses, etc.
• The email contains a strange attachment you weren’t expecting.
• Attempts to scare the recipient by creating a sense of urgency by threatening to close accounts, overdraw funds, etc.
• Offers for jobs, awards, or other incentives that are too good to be true.
• The ‘from’ address doesn’t seem correct, or does not match the domain of where the message was sent.
• Requests for money or donations.

*It’s important to note that even if an email doesn’t contain these indicators, it may still be a phish!