Date Sent: Mar 1, 2023
Phishing Summary:
An attacker is using an email service that allows for full header spoofing, in this case appearing to come from email-center@gettysburg.edu. The attacker is also attempting to pose as Microsoft, trying to convince its recipients that their email settings are out of date. According to the phish, failure to not confirm, which would be done by clicking the “Confirm NOW” link, would result in your email account malfunctioning and no longer working.
Spotting the Phishing
When receiving any email, you should ask yourself, “Why is this person emailing me” and “Does this email seem legitimate”? Does the email contain phishing characteristics? In this particular phishing attempt, there were many known characteristics of a phish.
- Does the subject contain, BULK? Yes.
- Does the email create a sense of urgency or contain threats? Yes, according to the phish, failure to not comply within a short time would cause your account to be disabled.
- Does the attacker use a forged senders address? Yes. Email-center@gettysburg.edu cannot be found under the College global address list.
- Is there a use of poor spelling and grammar? Yes. Spacing errors and grammar mistakes.
- Fake web links? Yes, the link does not point to Microsoft or Gettysburg. Red flags should automatically go up, when users see links, or other email addresses in any email, especially when the sender is unknown or random.
What should you do if you receive a Phishing Scam?
- Don't reply
- Don't click on any links
- Don't open any attachments
- Report as spam or immediately delete the email
What should you do if you accidentally clicked on any of the links?
- Immediately change your password, scan your device for viruses and contact the IT Helpdesk or by calling 717.337.7000