Information Technology Services
Virtual Visit Request info Apply
MENUMENU
  • Services
    • Services for...
      • Students
      • Faculty
      • Staff
      • Affiliates
    • Hardware & Software
      • Computer Purchasing
      • Printing
      • Web Browsers
      • Software for NAU Students
      • Software for NAU Faculty & Staff
    • Communication & Collaboration
      • Email & Calendars
      • NAUgo Mobile App
      • Phones, Mobile, & Voicemail
      • Video Conferencing & Messaging
    • Professional Services
      • Development
      • Project Management
      • Training & Documentation
      • User Experience & Design
      • Web & Mobile Development
    • General Services
      • A-Z Index
      • Service Catalog
      • Service Management
    • Infrastructure & Networking
      • File Sharing & Storage
      • Remote Services
      • Servers & Hosting
      • Wi-Fi & Networking
    • Academic & Research Technology Services
      • Blackboard Learn
      • Classroom Support
      • Computer Labs
      • Survey & Statistical Services
  • Security
    • Information Security
    • Phishing
    • Two-Step Verification
    • Antivirus
  • Get Help
    • Search Knowledge Articles
    • Submit a Ticket
    • View My Tickets
    • Contact Information & Hours
  • About
    • About Us
    • Contact Information & Hours
    • Directory
    • News
    • ITS Employee Forms
    • ITS Communications
    • ITS Meeting Spaces
    • Organizational Structure
    • About our CIO
  • IN
  • ITS
  • Email Phishing

Contact Information Security Services

Email:
phishing​@nau.edu
Call:
(523) 928-3335

Unsure about an email?


Report a suspected phish to NAU's Cybersecurity team by clicking the button below.
Report a Phish

Email Phishing


What is phishing?

Phishing is the process of a malicious entity attempting to acquire sensitive information such as usernames, passwords, and financial details by masquerading as a trustworthy source in an email or other electronic communication in order to steal your data, access University systems, or install ransomware.


How do I know I’ve received a phish?

Many phishing attempts will request that you take action by clicking a link or performing a strange action, such as sending a gift card or personal financial details. However, in today’s day and age, phishing has gotten more advanced; no longer is phishing egregiously easy to spot and comical in demands. Modern phishing attempts are well executed and getting harder and harder to spot.


Some signs that may indicate a phish

  • The message is poorly written; it may contain strange grammar and spelling.
  • Requests that you provide personal information such as your NAU password, credit cards, bank accounts, phone numbers, addresses, etc.
  • The email contains a strange attachment you weren’t expecting.
  • Attempts to scare the recipient by creating a sense of urgency by threatening to close accounts, overdraw funds, etc.
  • Offers for jobs, awards, or other incentives that are too good to be true.
  • The ‘from’ address doesn’t seem correct, or does not match the domain of where the message was sent.
  • Requests for money or donations.

*It’s important to note that even if an email doesn’t contain these indicators, it may still be a phish!


Real Examples of Phishing at NAU

Example of a fake CAS login page Accordion Closed

This login page looks authentic, but is actually identifiable as fraudulent upon closer inspection. The end of the domain address (everything before the ‘slash’, or ‘/’) ends in ‘.com’ instead of ‘nau.edu’. If a user is in a hurry or careless, they can see the ‘nau.edu’ and overlook this. This is a cheap trick used by cyber-criminals, but is still very effective for an inattentive user to fall for.

Always check the URL of any site that you intend to enter your NAU credentials in. The best cybersecurity defense is your own perception.

Example of a fake DUO page Accordion Closed

Using what was shown in the previous example, we can see that this DUO prompt is fraudulent based off the domain URL, which ends in ‘.com’ instead of ‘nau.edu’. Again, the attackers attempt to catch users off-guard by including ‘nau.edu’ after the slash.

NAU Users should also be able to recognize that this isn’t what our NAU DUO page currently looks like. This is an outdated DUO page, with only one option for authentication. NAU also does not provide a ‘remember me for 90 days’ option.

If an NAU user were to enter their user ID and password, followed by their DUO one-time password; they would be granting a cyber-criminal full access to their financial account, direct deposit, social security, tax information, addresses, and more.


What should I do if I receive a phishing scam?

If you receive a phishing scam, don’t respond to it, click on links, or open attached files. Report the phish immediately; if a phish is identified quickly, other users who may have been targeted may be defended as well.

You can easily report a phish by forwarding a suspicious email to phishing@nau.edu.

If you believe your NAU account was compromised, immediately change your password, and contact the ITS Service Desk.

Information Technology Services
Location
Building 54
Information Technology Services
1301 S. Knoles Drive
Flagstaff, AZ 86011
Mailing Address
PO Box 5100
Flagstaff, AZ 86011
Email
ITS@nau.edu
Phone
928-523-3335
888-520-7215
Social Media
Visit us on Twitter Facebook Instagram Youtube