What is Phishing?

Phishing (pronounced “fishing”) is the most common technique that hackers and identity thieves use to compromise accounts and install malware. Why is this? Quite simply, it is effective.

Phishing is an email fraud method used by hackers and thieves. The email usually appears to come from a legitimate sender in order to lure unsuspecting recipients into giving their personal, financial, or other sensitive information. The scammers use that information to commit identity theft, gain access to your accounts, and hack your computer.

Phishers are becoming much more sophisticated and convincing, making it even more important for users to become savvier & not get hooked.

Spear Phishing: SAU faculty, staff, and students receive multiple spear phishing attempts each week. Spear phishing targets a particular group (e.g., members of the SAU community) in order to trick recipients into providing information or clicking on attachments or links in the email in order to gain access to a system or data. We have illustrated several spear phishing attempts that the SAU has received.

As phishing schemes become more sophisticated, with phishers being able to convince up to 5% of recipients to respond, it becomes increasingly important to be vigilant in identifying and protecting yourself from these scams.

Phishing Typical Design

Typically uses urgent or exciting language to get you to act quickly without thinking
Asks for you to activate or validate your account, passwords, bank account information, usernames, credit card numbers, social security numbers, etc.
Displays fake URLs that actually direct you to dangerous sites
Contains attachments that you are directed to open for an urgent reason, or because you will gain something important from doing so. Can also look like links to trusted sites like Dropbox with shared file links.

Don't Trust — Verify

Never respond to any suspicious email by clicking on links or filling out forms with personal or financial information.
Don't believe everything you read. If you are unsure as to whether a website is legitimate, confirm it by contacting the individual or company that sent the message.
Double check the URLs of websites you visit. Rather than using contact information provided in any email, take a moment and look it up on the company's website.
Be patient. Too many users end up the victims of Internet crime because they do not stop to think, but instead act on impulse clicking on a link or an interesting looking attachment without thinking of the possible consequences.
Never provide personal information or information about your school account via email, text, or over the phone.
Don't open unexpected attachments. Contact the email source to verify the contents. Again, use a trusted source to find contact information for the recipient.

What To Do If Your SAU Account Has Been Compromised

If you believe you might have inadvertently revealed sensitive university information such as your SAU username or password, you should change your password immediately by going to MySAU Portal site. If you have additional questions, comments or concerns contact SAU Information Services Helpdesk at helpdesk@arbor.edu or 517-750-6405.

If you provided personal information that could be used for identity theft or fraud in response to a fraudulent email, you should immediately contact the company being spoofed.

Reporting Phishing!

If you receive a suspicious email, and it is NOT listed in our Phishing Alerts, please forward the email Helpdesk@arbor.edu in the following way:

Remember to NEVER open any attachments that are within a suspected spam or phishing email, as they could contain malware
Forwarding the email as an attachment
Send the full email headers: To, From, Date, and Subject line

You should also report phishing email messages to Office365 by clicking the check box next to the message in your Outlook inbox. Click the arrow next to Junk and then point to Phishing scam. This will remove the email from your inbox and also report the message as a phishing scam.