Protect Yourself from Phishing

What does "Phishing" mean?

The term "phishing" describes a style of scam conducted over email, where someone poses as a trusted official, administrator, or business and attempts to gather sensitive information.  The concept of phishing has existed for a long time, though the styles of phishing attempts continue to evolve.

The most common result of a successful phishing attempt is identity theft.  The victim is no longer in control of their email account, and the phisher is able to access the content of the victim's email account and contact list, and possibly other connected applications like the victim's calendar or cloud drive.  In addition, if the victim used the same password with other applications and services, the phisher has potentially gained access to those as well.

A few types of phishing attempts:

  • Notification that your password is (falsely) expiring and needs to be changed
  • Urgent demand to click a link or your account will be locked/deleted within a short time
  • Requests to purchase gift cards on behalf of someone else
  • Requests for changes to Direct Deposit information
  • Announcement of a new computer update, and link to click to download it
  • Statements that you have won a vacation or some other unexpected prize

What other steps can you take to protect yourself?

  • Delete unsolicited messages that ask you to log into your bank account
  • Look for odd spelling in messages, or strange links or addresses ("bob.csueastbay.edu@gmail.com")
  • Take note of messages that are addressed to generic titles, such as "Valued Customer"
  • Follow up with a phone call to any institution that sent you a questionable email
  • Keep your computer patched and updated, and run antivirus and antispam software
  • Instead of clicking links within an email, type them directly into your browser location bar
  • If it seems too good to be true, it very likely is.  Be skeptical!

What should you do if you have been phished?

If you accidentally send your account credentials via email, immediately change your password by following the steps listed at http://www.csueastbay.edu/netid/self-service.html.  Contact the ITS Service Desk at https://csueastbay.service-now.com/sp to submit a ticket or to speak with a technician.  If you receive an email that you believe could be a phishing message, forward it to the Information Security Office at iso@csueastbay.edu.

Please remember:

No one from CSU East Bay will ask you for your password.  Never give your password to anyone.

Phishing Examples

CSUEB ITS has received a sharp increase in the number of so-called “display name spoofing” email messages.  Display name spoofing is the term used for a phishing attempt that tries to convince the email recipient that the message was sent from a trusted individual (often a co-worker or supervisor) even though the attacker does not have direct access to that trusted individual’s account.  This technique is especially effective against people using mobile devices to access their email, since mobile email clients display less information about the sender than full desktop clients.

On a desktop client, this is an easy-to-spot phish; the gmail.com address is obvious:

[Screenshot Phish_img1: the message as shown in a desktop email client, with the gmail.com sender address visible]

However, compare this with the same email message viewed using Mail for iOS, a common mobile email client:

[Screenshots Phish_img2 (left) and Phish_img3 (right): the same message as shown in Mail for iOS, before and after tapping the "From" name]

WOW, that is much more convincing!  The good news: in Mail for iOS, if you train your users to tap on the “From” name seen in the screenshot on the left, they’ll see the information displayed on the screenshot shown on the right.  These steps may differ slightly between individual mobile email clients, but the basic steps to sanity check the sender should be the same.

As you can see below, display name spoofing can be done against anyone, provided the attacker knows the individual's first and last name and username; this information is publicly available for many department heads from our Online Directory, as well as from many College webpages.

[Screenshot Phish_img4: a display name spoofing message built from publicly available name and username information]

Remember, if you are even slightly suspicious about an email, you can send it to iso@csueastbay.edu and we will be happy to check it out.
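As an added illustration (not part of the original ITS page), the following Python checks a From: header for the display name spoofing patterns described above, and for the odd-address pattern from the tips list such as bob.csueastbay.edu@gmail.com; the trusted domain and the directory name it uses are assumptions made for the example.

```python
import re
from email.utils import parseaddr

# Domains the organisation really sends from (assumption for this example).
TRUSTED_DOMAINS = {"csueastbay.edu"}

# Names an attacker could harvest from a public directory.
# Constructed sample data, not real directory entries.
DIRECTORY_NAMES = {"bob smith"}

EMBEDDED_ADDR = re.compile(r"[\w.+-]+@[\w.-]+")

def spoof_indicators(from_header):
    """Return the reasons a From: header looks like display-name spoofing.

    An empty list means none of the checks fired.
    """
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["unparseable sender address"]
    local, domain = addr.rsplit("@", 1)
    local, domain = local.lower(), domain.lower()
    reasons = []
    # 1. A known person's name on an external domain: the "easy to spot
    #    on a desktop client" case where the real address is gmail.com.
    if name.strip().lower() in DIRECTORY_NAMES and domain not in TRUSTED_DOMAINS:
        reasons.append("known person's name on external domain " + domain)
    # 2. The campus domain hidden inside the local part, e.g.
    #    bob.csueastbay.edu@gmail.com
    for trusted in TRUSTED_DOMAINS:
        if trusted in local and domain != trusted:
            reasons.append("trusted domain name embedded in local part")
    # 3. The display name itself shows an address that differs from the
    #    real one, which is often all a mobile client displays.
    m = EMBEDDED_ADDR.search(name)
    if m and m.group(0).lower() != addr.lower():
        reasons.append("display name shows a different address")
    return reasons

if __name__ == "__main__":
    # Constructed sample headers in the styles the page describes.
    for hdr in ('"Bob Smith" <bob.smith@csueastbay.edu>',
                '"Bob Smith" <bobsmith.president@gmail.com>',
                'Bob <bob.csueastbay.edu@gmail.com>',
                '"bob.smith@csueastbay.edu" <attacker@example.net>'):
        print(hdr, "->", spoof_indicators(hdr) or ["ok"])
```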

The following phishing email is attempting to get account credentials from the receiver by having them click a link titled "Login to Clear History".  This link instead goes to a location used by the phisher to collect network credentials from the phishing victim.

-----------------

From: Facebook Accounts <email address not associated with Facebook>

Sent: Tuesday, December 3, 2019 9:28 PM

To: <email address intentionally removed>

Subject: Facebook Account Notice

Dear Customer,

You did not properly sign out during your last facebook session and your facebook session data was left in your browser.  As a precaution, we advise that you login with the link below so the facebook session data on your browser can be properly cleared.

Login To Clear History

You are strongly advised to follow instructions to prevent any malicious website from accessing the facebook session data stored in your browser.

Important Security Information:

This authentic message was sent to inform you of security issues detected in one or more of your accounts with us. Kindly adhere to instructions contained herein for continuous use of your facebook accounts.

Replies to this email message will not be read or responded to.

facebook Privacy Operations

Menlo Park, California 94025

2019 Facebook, Inc.

This phishing message was sent from a Canadian domain, and linked to a fake Outlook Web login page.  Be on the lookout for any email that urges you to act quickly regarding your password, especially if the message references salary or benefits, as these are very often phishing attempts to steal your credentials.

----------------
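As an added example (not from the original page or from ITS), this Python pulls the links out of an HTML email body and flags those whose visible text promises a login page, or shows a brand URL, while the href actually points somewhere else, which is the "Login To Clear History" trick in the message above; the sample HTML and the .invalid hostname are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Link text that promises a credential or account page.
LOGIN_WORDS = ("login", "log in", "sign in", "password", "verify", "clear history")
# Link text that looks like a bare URL, e.g. "facebook.com/help".
URL_TEXT = re.compile(r"^(?:https?://)?([\w-]+(?:\.[\w-]+)+)", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join(self._text).strip()))
            self._href = None

def suspicious_links(html_body, claimed_domains):
    """Return (text, href, reason) for links whose text and destination disagree."""
    parser = LinkCollector()
    parser.feed(html_body)
    hits = []
    for href, text in parser.links:
        host = (urlparse(href).hostname or "").lower().removeprefix("www.")
        on_brand = any(host == d or host.endswith("." + d) for d in claimed_domains)
        shown = URL_TEXT.match(text.strip())
        if not on_brand and any(w in text.lower() for w in LOGIN_WORDS):
            hits.append((text, href, "login link leaves the claimed brand's domain"))
        elif shown and shown.group(1).lower().removeprefix("www.") != host:
            hits.append((text, href, "link text shows a different host than href"))
    return hits

# Constructed HTML modelled on the message above; .invalid stands in for the phisher's host.
PHISH_HTML = """<p>Dear Customer,</p>
<p><a href="http://owa-login.phish-example.invalid/auth">Login To Clear History</a></p>
<p>See <a href="http://owa-login.phish-example.invalid/fb">facebook.com/help</a></p>
<p><a href="https://www.facebook.com/policies">Data Policy</a></p>"""

if __name__ == "__main__":
    for text, href, reason in suspicious_links(PHISH_HTML, {"facebook.com"}):
        print(f"{reason}: '{text}' -> {href}")
```

The "Data Policy" link is left alone because its href really is on the claimed brand's domain; only the two links whose text and destination disagree are reported.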