Information Security Central - February 2017

This month, we want to focus on phishing and email scams. This is especially topical at this time of year, as we have seen a significant increase in the number of phishing scams circulating on campus in an effort to obtain the information needed to file fraudulent tax returns. This information is important to know year-round, but the stakes are even higher than usual right now.

What is phishing?

"Phishing" refers to a scammer attempting to trick someone, most commonly over email, into revealing his or her password or personal information. The phisher delivers a message that is intended to look official, usually claiming to be from the IT office. These messages often convey a sense of urgency, claiming that the recipient's account has been compromised and requiring some kind of action (such as clicking on a link or replying to the email) to keep the account active.

Replying to the email or supplying account information on any linked web pages is likely to result in a compromised account. Once an account has been compromised, it can be used to deliver spam and phishing messages to others, but more importantly, it can be used to reveal personal information for use in additional fraud.

Why is phishing dangerous?

A successful phish can lead to an account compromise, and your Global ID can be used to access a lot of information about you. For example, employees control their direct deposit and can access their W-2 information online using their Global ID. While we have additional security measures in place for these examples, a compromised account brings the scammer one step closer to stealing your identity or filing a fraudulent tax return.

A compromised account can also be used to send spam and further phishing attempts to others at CMU. Because our spam scanner is more forgiving of CMU accounts, messages that would normally be blocked as fraudulent end up being delivered. So the security of your account isn't just important for you; it's important for everyone at CMU.

How can I identify phishing messages?

Phishing scams vary widely in production value. Some of them are easy to identify immediately as a scam, while others can look very convincing. You can never be too vigilant with a message that you weren't expecting, so keep some of the following points in mind for all of your incoming email.

See the bottom of this page for an actual example of a common phishing message as well as some indicators for how you can spot it.

Don't click on that link!

Not until you're sure it's safe, at least. Unless you know for sure that you can trust the sender, never click on any links in your email, especially if you weren't expecting the message or if it conveys a sense of urgency. 

Or do a "skeptical hover" before clicking

Once you're fairly certain that you can trust the sender, hover over the link with your cursor. This will display the location where the link will take you. If it's somewhere you weren't expecting, especially if it is not a www.cmich.edu location, don’t click it.
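The "skeptical hover" compares where a link says it goes with where it actually goes. The same check can be automated for an HTML email body: extract every link, look at its real destination (the href), compare that with any address shown in the visible text, and flag anything outside the trusted domain. The script below is an added example, not code from the page or from CMU's Office of Information Technology; it takes cmich.edu as the trusted domain (from the page), uses a constructed sample message, and approximates the "registered domain" as the last two labels of the host name, which is a simplification that works for cmich.edu-style names.

```python
"""Automated 'skeptical hover': flag links in an HTML email whose real
destination is outside the trusted domain or differs from what the
visible link text claims. Example code; not from the original page."""
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"cmich.edu"}  # trusted domain named on the page


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None  # [href, text] while inside an <a>

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href") or "", ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append((self._current[0], self._current[1].strip()))
            self._current = None


def registered_domain(host):
    # Assumption: last two labels approximate the registered domain
    # (fine for cmich.edu; a public-suffix list would be needed in general).
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def check_links(html_body, trusted=TRUSTED_DOMAINS):
    """Return one finding per link with the reasons it looks suspicious."""
    parser = _LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        parsed = urlparse(href)
        target_host = parsed.hostname or ""
        reasons = []
        if registered_domain(target_host) not in trusted:
            reasons.append("destination outside trusted domain")
        if parsed.scheme not in ("http", "https"):
            reasons.append("non-http scheme (e.g. mailto:)")
        # If the visible text itself looks like an address, compare its host
        # with the real target; a mismatch is the classic phishing tell.
        if "." in text and " " not in text:
            shown = text if "://" in text else "http://" + text
            visible_host = urlparse(shown).hostname or ""
            if registered_domain(visible_host) != registered_domain(target_host):
                reasons.append("visible text points somewhere other than href")
        findings.append({
            "href": href,
            "text": text,
            "target_host": target_host,
            "suspicious": bool(reasons),
            "reasons": reasons,
        })
    return findings


# Constructed sample resembling the "mailbox full" lure described on the page.
SAMPLE_EMAIL = """
<p>Your mailbox has exceeded its storage limit. Verify within 24 hours.</p>
<p><a href="http://cmich-helpdesk-verify.example.net/login">www.cmich.edu/verify</a></p>
<p><a href="https://www.cmich.edu/oit">OIT home page</a></p>
<p><a href="mailto:support@example.org">Reply to the help desk</a></p>
"""

if __name__ == "__main__":
    for f in check_links(SAMPLE_EMAIL):
        flag = "SUSPICIOUS" if f["suspicious"] else "ok"
        print(f"{flag:10} {f['href']!r} shown as {f['text']!r} {f['reasons']}")
```

Run against the constructed sample, the first link is flagged twice (it leaves the trusted domain and its visible text claims a cmich.edu address), the genuine cmich.edu link passes, and the mailto: link is flagged because replying to an unexpected message is exactly what the page warns against.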

We'll never ask for your password

If someone claims to be from CMU and asks for your password, you can be sure that they're up to no good. The Office of Information Technology will never ask you for your password, so you should never respond to such requests.

Careful with that attachment

Attachments can contain a variety of nasty things that you don't want on your computer, including key loggers, ransomware, and other viruses. If you're not sure if the sender is safe, do not open any attachments in the message.

Never reuse your password

This applies to any account, but it's critical for your CMU account. If you use the same password for another online service, and that service has a security breach, you might be inadvertently handing over the keys to your Global ID.

When in doubt, check with us

If you're not sure whether a message is legit, please reach out to the Help Desk. It's what we do! We even have extended hours on most days. Find out more by calling us at (989) 774-3662 or through additional options available on the Help Desk website.


Example phishing message

Here's an actual example of a phishing message that successfully phished a number of accounts in spring semester 2017. The full-size image marks the indicators that give it away.

[Image: example phishing message, with indicators marked: the sender address is wrong, the stated inbox size is wrong, and the terminology is off]


What does CMU do to help promote account security?

When CMU detects that an account has been compromised and used to deliver spam, it is locked automatically to prevent that account from being used to phish others. In addition, measures are already in place to alert you when your W-2 and benefit information has been accessed, to detect out-of-country VPN access, and to require additional verification prior to changing your direct deposit information.

Depending on the situation and the nature of the activity detected, OIT may take necessary action to protect your account, which may involve temporarily deactivating it and putting a block on outgoing email until you can reach out to the Help Desk for assistance with re-securing your CMU account. While this may be inconvenient, it is the most effective way to prevent continued (unwanted) access to your account.