Phishing: How to Protect Yourself from Fraudulent Emails

What is Phishing?

"Phishing" scams are the use of fraudulent emails or other solicitations to lure users into sharing personal information that can be used for identity theft or other illegal activities. These messages often ask users to enter their sensitive information at a fake website that purports to belong to a legitimate organization.

NEW! Download and print our handout: Don't Get Phished!

How Can I Tell If an Email is Phishing?

  1. It's NOT legitimate if they ask for passwords or sign-in information. No legitimate business (WWU, banks, eBay, etc.) will ever contact you and require that you share your personal information (bank numbers/PIN, security questions, passwords, etc.).

  2. Often a fraudulent email will have graphics, URLs, or grammar that are not quite right. See the examples below for fraudulent attempts to masquerade as legitimate businesses. Hovering the cursor over a link will expose the URL; if it doesn't match the link name, that is a clue that the sender is hiding something.

  3. Become familiar with what the real Universal Login page for Western looks like, so you can more easily recognize a fraudulent copy. NOTE: This is not the only legitimate Western login page, but it is one that scammers frequently try to replicate. We also regularly sign in to Microsoft's Office 365 page with our Western credentials.

The real Western Universal Login page

You will also encounter our Microsoft Office 365 sign-in pages when you sign in to Office 365 apps, Canvas, G Suite, or other apps that are authenticated through Microsoft's single-sign-on service.

Microsoft Office 365 Sign-In Page Microsoft Office 365 Login
These are both legitimate sign-in pages for Office 365. When you enter your username@wwu.edu on the Microsoft sign-in page, your browser will be redirected to the WWU branded Microsoft sign-in page shown on the right.

What Should I do with a Fraudulent Email?

  1. Delete the email as soon as you realize it's fraudulent. 
  2. DO NOT click on anything in the email. If you think it might be legitimate, go to a web browser and TYPE IN the URL of your bank or whatever business is supposedly contacting you. 
  3. If you are not certain about the email, contact the ATUS Help Desk. 

Examples of Fraudulent Emails and How You Could Detect Them

These are recent examples of phishing scams that have been reported to the Help Desk. This list does not include every example of reported phishing, but it does include some of the most frequently reported or most convincing. We have highlighted the most suspicious components in the examples, but in many cases the copy you receive may have the same text but will come from a different sender. These messages are often riddled with misspelled words and grammatical errors, but some of them are carefully crafted and quite convincing.

Spelling errors and Links that don't match the URLs are clues to Phishing scams

Be very careful of attachments, especially those that end in .zip or .exe

Hovering to see the URLs of links can expose URLs from other countries

 

 
