ITS is responding aggressively to the proliferation of "phishing" emails, especially since some of these attacks are very realistic and appear legitimate. Phishing emails are designed to install malware (e.g., spyware, viruses) and/or trick people into providing personal and private information -- often requesting usernames and passwords.
We have implemented a new Microsoft feature that will alert you when you are viewing a suspicious message, particularly a message where the address has been spoofed (i.e., it purports to be from a particular sender but is actually sent from a different sender). Going forward, Microsoft will roll out Safety Tips for messages that will warn you when a message has been marked as suspicious and sometimes even a reassurance for a message may appear suspicious but has been identified as safe. Because phishing attacks are constantly changing, WWU ITS will continue to implement changes to help protect our faculty, staff, and students. However, as users, we must be vigilant in protecting ourselves from phishing scams.
Review Email Safety Tips in Office 365
so you know what to look for when Outlook flags a message as suspicious, but don’t rely on these automated alerts to identify every single malicious message. Continue to be wary of messages that contain unexpected hyperlinks or attachments with little context, as well as messages that have numerous spelling and grammatical errors, even if they appear to come from someone you know. For information about identifying and avoiding phishing scams, including examples of common scams, visit https://atus.wwu.edu/kb/phishing-how-protect-yourself-fraudulent-emails
The examples provided on Microsoft’s web page are for the Web browser version of Outlook. You will still see alerts in the Outlook clients for Windows and Mac OS, but they may be subtler. Microsoft says that the Outlook desktop client for Windows and Mac OS, as well as Outlook mobile apps, will warn you when a message is suspicious. Some mail apps may not show these alerts.
Phishing email messages are designed to look legitimate. You can help protect yourself by following these tips:
- Do not share your personal information electronically (e.g., passwords, PINs, security questions/answers, banking/account numbers, etc.). While Western will never directly ask for personal information in an email message – we do use systems that will often send email with hyperlinks that require sign-in (example: eSign, OneDrive, etc.) – caution should be exercised anytime you click on any link in an email. Remember that the return address on a message can be "spoofed". This means that that the address you initially see may not actually be the source of the message.
- Do not open email attachments unless you requested it or are expecting it. Just knowing the sender (or thinking you know the sender) does not make the attachment safe.
- Do not click on links in a message unless requested by you or expected. Links often point to malicious code that could install malware on your computer.
- Be on the lookout for subtle language clues. Often these messages will use language constructs that are not typical.
- If you have any questions about the content or instructions in a message you should always contact the source of the message. Checking a web page, making a phone call, or creating a new message is always safer than replying to a questionable message.
- If you have responded to a message with your username and password or other personal information, you should immediately change your password and security questions/answers, and contact the ATUS Help Desk at x3333 or your local technology support staff.
Wishing you safe computing.