{"id":2952,"date":"2018-09-17T03:57:57","date_gmt":"2018-09-17T03:57:57","guid":{"rendered":"https:\/\/in.nau.edu\/its\/emailphishing\/"},"modified":"2025-10-07T18:56:53","modified_gmt":"2025-10-07T18:56:53","slug":"emailphishing","status":"publish","type":"page","link":"https:\/\/in.nau.edu\/its\/emailphishing\/","title":{"rendered":"Email Phishing"},"content":{"rendered":"

$\"An$ <\/h6>\n

Email Phishing<\/span><\/h3>\n
phishing@nau.edu<\/a> \u2022\u00a0 (928) 523-3335<\/a><\/p>\n
\n
\n
\n
Reporting a Phish<\/h4>\n
If you caught a phish, or think<\/em> you’ve caught a phish, you can report it by the following methods.<\/p>\n
\n
Built-in reporting options in your email client<\/h5>\n
\n
For anyone with an NAU email through Outlook or Gmail, the built-in Reporting option is preferred. It is available for on most devices and ways of accessing your email, though it is currently not available for Gmail Mobile.<\/li>\n<\/ul>\n
Forward an email to phishing@nau.edu<\/h5>\n
\n
If the built-in reporting option is not available, forwarding the email to phishing@nau.edu is always an option. You don’t need to provide screen shots, attachments, or headers like we used to ask you for. Just hit forward and drop phishing@nau.edu in the “To:” box. We’ll take it from there.<\/li>\n<\/ul>\n
Want further details on how to report for your client? Check out our Knowledge Base Article on reporting a phish<\/a>.
\n<\/div><\/div>\n
\n
\n
General Phishing<\/h4>\n
\n\n
\n \n
\n
What is phishing? Accordion Closed<\/span><\/h4>\n <\/span>\n <\/div>\n <\/a>\n
\n \n\n
Phishing is the process of a malicious entity attempting to acquire sensitive information such as usernames, passwords, and financial details by masquerading as a trustworthy source in an email or other electronic communication in order to steal your data, access University systems, or install malware.<\/p>\n<\/body><\/html>\n\n <\/div>\n<\/div>\n\n\n
\n \n
\n
How do I know I\u2019ve received a phish? Accordion Closed<\/span><\/h4>\n <\/span>\n <\/div>\n <\/a>\n
\n \n\n
Many phishing attempts will request that you take action by clicking a link or performing a strange action, such as sending a gift card or personal financial details. However, in today’s day and age, phishing has gotten more advanced; they are no longer easy to spot and comical in demands…your Nigerian Prince is not going to send you money. Modern phishing attempts are well executed and getting harder and harder to spot.<\/p>\n\n
This is to say, you may not know.<\/em> If you are ever unsure, you can have us check for unusual behavior on the email<\/em> by reporting.<\/p>\n
\n<\/div><\/body><\/html>\n\n <\/div>\n<\/div>\n\n\n\n \n
\n
I think I clicked on something I shouldn\u2019t have, now what? Accordion Closed<\/span><\/h4>\n <\/span>\n <\/div>\n <\/a>\n
\n \n\n
First, don’t panic. Many times, quick reporting can help mitigate the negative impacts of the accidental click. Then:<\/p>\n
\n
Close the browser<\/li>\n
Report it.<\/li>\n
Change your password<\/a> if you shared it.<\/li>\n
If you are receiving an unsolicited Two-Step Verification push notification, contact the ITS Service Desk<\/a><\/strong> for assistance in recovering your account.<\/li>\n
If you notice any unusual downloads or unexpected behaviors on an NAU supported devices, contact the ITS Service Desk<\/a><\/strong> to have it evaluated.<\/li>\n<\/ul>\n<\/body><\/html>\n\n <\/div>\n<\/div>\n\n\n
\n \n
\n
I accidentally reported an email what do I do? Accordion Closed<\/span><\/h4>\n <\/span>\n <\/div>\n <\/a>\n
\n \n\n
If you have accidentally reported an email just send a message phishing@nau.edu <\/a>and let us know which one it was. We can return it to you.<\/p>\n\n
A common cause of accidental reports is the fact that the “Archive” button and the “Report” button are side by side. If you frequently use the “Archive” button you may prefer to move it to another location in your ribbon. You can follow the instructions provided by Microsoft.<\/a><\/p>\n
\n<\/div><\/body><\/html>\n\n <\/div>\n<\/div>\n\n\n
\n \n
\n
Can I move the report button? Accordion Closed<\/span><\/h4>\n <\/span>\n <\/div>\n <\/a>\n
\n \n\n
Yes, follow the instructions provided by Microsoft.<\/a><\/p>\n<\/body><\/html>\n\n <\/div>\n<\/div>\n\n\n
\n \n
\n
What could happen if you fall for a phish? Accordion Closed<\/span><\/h4>\n <\/span>\n <\/div>\n <\/a>\n
\n \n\n
If you click on a phishing link, or open a malicious attachment, several things can happen:<\/p>\n
Your personal information may be stolen. Phishing attacks often involve tricking people into entering their personal information, such as login credentials, DUO authentication codes, credit card numbers, etc. into a fake website. If you happen to provide this information to the bad actors, it can be used to steal your identity, commit fraud, or other malicious purposes.<\/p>\n
\n
Malware can be installed on to your device. Phishing emails may contain links or attachments that, when clicked, can download malware onto your device which can take control of your device, spy on you, steal your work or personal information, or use your device to continue spreading the attack.<\/li>\n
Your accounts can be compromised. If you enter your login credentials or DUO authentication codes on to a fake website, the bad actors can use that information to log into your actual accounts and take them over, which can lead to theft of your work or personal information and even cause financial loss.<\/li>\n
Your device can be locked or encrypted. Some phishing attacks involve ransomware, which can lock or encrypt your data or data you have access to and demand a payment to unlock the data or prevent publicly disclosing the data.<\/li>\n<\/ul>\n
Clicking on a phishing link or opening a malicious attachment can have serious consequences for you, your department, and NAU. It is important to always be cautious and verify the authenticity of emails and links before clicking on anything.<\/p>\n<\/body><\/html>\n\n <\/div>\n<\/div>\n\n\n
\n \n
\n
Common phishing signs Accordion Closed<\/span><\/h4>\n <\/span>\n <\/div>\n <\/a>\n
\n \n\n
\n
The message is poorly written; it may contain strange grammar and spelling.<\/li>\n
Requests that you provide personal information such as your NAU password, credit cards, bank accounts, phone numbers, addresses, etc.<\/li>\n
The email contains a strange attachment you weren’t expecting.<\/li>\n
Attempts to scare the recipient by creating a sense of urgency by threatening to close accounts, overdraw funds, etc.<\/li>\n
Offers for jobs, awards, or other incentives that are too good to be true.<\/li>\n
The ‘from’ address doesn’t seem correct, or does not match the domain of where the message was sent.<\/li>\n
Requests for money or donations.<\/li>\n<\/ul>\n
It’s important to note that even if an email doesn’t contain these indicators, it may still be a phish!<\/em><\/p>\n<\/body><\/html>\n\n <\/div>\n<\/div>\n\n<\/div>\n
<\/div>\n
\n
Real Examples of Phishing at NAU<\/h4>\n
\n\n
\n \n
\n
Example of a fake CAS login page Accordion Closed<\/span><\/h4>\n <\/span>\n <\/div>\n <\/a>\n
\n \n\n
This login page looks authentic, but is actually identifiable as fraudulent upon closer inspection. The end of the domain address (everything before the ‘slash’, or ‘\/’) ends in ‘.com’ instead of ‘nau.edu’. If a user is in a hurry or careless, they can see the ‘nau.edu’ and overlook this. This is a cheap trick used by cyber-criminals, but is still very effective for an inattentive user to fall for.<\/p>\n
$\"Fake$ <\/p>\n
\n
Always check the URL of any site that you intend to enter your NAU credentials in. The best cybersecurity defense is your own perception.<\/em><\/p>\n<\/div>\n<\/body><\/html>\n\n <\/div>\n<\/div>\n\n\n
\n \n
\n
Example of a fake DUO page Accordion Closed<\/span><\/h4>\n <\/span>\n <\/div>\n <\/a>\n
\n \n
\n\n
Using what was shown in the previous example, we can see that this DUO prompt is fraudulent based off the domain URL, which ends in ‘.com’ instead of ‘nau.edu’. Again, the attackers attempt to catch users off-guard by including ‘nau.edu’ after the slash.<\/p>\n
NAU Users should also be able to recognize that this isn’t what our NAU DUO page currently looks like. This is an outdated DUO page, with only one option for authentication. NAU also does not provide a ‘remember me for 90 days’ option.
\n<\/em><\/p>\n<\/div>\n
$\"A$ <\/p>\n
If an NAU user were to enter their user ID and password, followed by their DUO one-time password; they would be granting a cyber-criminal full access to their financial account, direct deposit, social security, tax information, addresses, and more.<\/p>\n<\/body><\/html>\n\n <\/div>\n<\/div>\n\n
\n
Report Phishing<\/h4>\n
\n\n
\n \n
\n
What should I do if I receive a phishing email? Accordion Closed<\/span><\/h4>\n <\/span>\n <\/div>\n <\/a>\n
\n \n
\n\n
If you receive a phishing email, don’t respond to it, click on links, or open attached files. Easily report a phish by using one of the two following options:<\/p>\n
\n
From an Outlook client, Outlook on the web, or Gmail client select the suspected phishing email and Click Report and then Report Phishing. This option automatically reports the phishing email to our security team and remove the phishing email from your inbox.<\/li>\n
If you do not have the report phishing option in your client, please forward the original suspected phishing to Phishing@nau.edu. After you’ve reported the email, please delete it from your inbox.<\/li>\n<\/ul>\n<\/div>\n
If you believe your NAU account was compromised, immediately change your password<\/a><\/strong>, and contact the ITS Service Desk.<\/a><\/strong><\/p>\n<\/body><\/html>\n\n <\/div>\n<\/div>\n\n\n
\n \n
\n
How do I report? Accordion Closed<\/span><\/h4>\n <\/span>\n <\/div>\n <\/a>\n
\n \n\n
Your reporting options depend on what you are using:<\/p>\n
\n
From an Outlook client, Outlook on the web, or Gmail client select the suspected phishing email and Click Report and then Report Phishing. This option automatically reports the phishing email to our security team and remove the phishing email from your inbox.<\/li>\n
If you do not have the report phishing option in your client, please forward the original suspected phishing to Phishing@nau.edu. After you’ve reported the email, please delete it from your inbox.<\/li>\n<\/ul>\n
We are no longer requesting headers or asking University Community Members to use our retired Report a Phish application.<\/p>\n<\/body><\/html>\n\n <\/div>\n<\/div>\n\n\n
\n \n
\n
Is it safe to forward the phish? Accordion Closed<\/span><\/h4>\n <\/span>\n <\/div>\n <\/a>\n
\n \n
\n\n
Yes, if you forward it to phishing@nau.edu<\/a>. <\/em>This mailbox is specifically setup to allow NAU’s security team to safely examine and evaluate suspicious emails.<\/p>\n<\/div>\n*
<\/div>\n
No, if you forward it to your supervisor, co-workers, or other University Community Members. While it can be tempting to attempt to warn your coworkers or ask them if they think it is a phish, forwarding the potentially malicious email can cause it to spread further and faster.<\/div>\n
<\/div>\n
<\/div>\n
You should not forward or share suspected phishing emails to any email other than phishing@nau.edu<\/a>.<\/div>\n<\/body><\/html>\n\n <\/div>\n<\/div>\n\n\n
\n \n
\n
What if I\u2019m wrong? Accordion Closed<\/span><\/h4>\n <\/span>\n <\/div>\n <\/a>\n
\n \n\n
After reviewing the reported email, we’ll let you know if we do not evaluate the email to be an active threat and thank you for your report. It is far easier to proactively check an email for suspicious behavior, than it is to clean up accounts and devices after a University Community Member clicked on a bad link.<\/p>\n<\/body><\/html>\n\n <\/div>\n<\/div>\n\n\n
\n \n
\n
Why should I report? Accordion Closed<\/span><\/h4>\n <\/span>\n <\/div>\n <\/a>\n
\n \n\n
If you were walking down the hallway and saw a potential tripping hazard or spill that you couldn’t clean up yourself, you would call it in. Facility Services would then come out and make that spot in our University safe again.<\/p>\n
Reporting potential email hazards, phishing, enables our Security Operations Team to clean up that spot in our University systems.<\/p>\n
By reporting phishing emails you make NAU safer for all of our Community Members.<\/p>\n<\/body><\/html>\n\n <\/div>\n<\/div>\n\n
If you have any other questions, comments, or feedback you can reach us by opening a ServiceNow Ticket<\/a>.<\/p>\n<\/div><\/div>\n","protected":false},"excerpt":{"rendered":"
Email Phishing phishing@nau.edu \u2022\u00a0(928) 523-3335<\/p>\n","protected":false},"author":1,"featured_media":13835,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","ring_central_script_selection":"","footnotes":""},"class_list":["post-2952","page","type-page","status-publish","has-post-thumbnail","hentry"],"_links":{"self":[{"href":"https:\/\/in.nau.edu\/its\/wp-json\/wp\/v2\/pages\/2952","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/in.nau.edu\/its\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/in.nau.edu\/its\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/in.nau.edu\/its\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/in.nau.edu\/its\/wp-json\/wp\/v2\/comments?post=2952"}],"version-history":[{"count":102,"href":"https:\/\/in.nau.edu\/its\/wp-json\/wp\/v2\/pages\/2952\/revisions"}],"predecessor-version":[{"id":22277,"href":"https:\/\/in.nau.edu\/its\/wp-json\/wp\/v2\/pages\/2952\/revisions\/22277"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/in.nau.edu\/its\/wp-json\/wp\/v2\/media\/13835"}],"wp:attachment":[{"href":"https:\/\/in.nau.edu\/its\/wp-json\/wp\/v2\/media?parent=2952"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}