Phishing scams have become much more sophisticated at imitating university communications, and IT Services encourages users to take care in evaluating email messages that claim to be from the university.
Is This A Scam?
How can you really know what to trust and what not to trust? Some phishing email includes university branding that makes it look legitimate. Here are some tips for evaluating whether an email is legitimate and requires your attention, or if it is a potential scam that should be reported.
Verify Contact Information
- Legitimate email should include your first and last name and offer an alternative contact method other than replying to the email, such as a phone number or campus address. These details alone do not prove a message is genuine, since attackers harvest names and titles from public directories and from real correspondence, but a message that omits them deserves extra suspicion.
- When in doubt, contact the department or person from which the email supposedly originates to ensure it is legitimate.
Beware Embedded Links
Malicious email often hides a dangerous destination behind legitimate-looking link text. IT Services uses multiple spam and phishing filters, including ProofPoint, to stop most fraudulent email before it reaches your Inbox.
To reduce the chance of your clicking a malicious link, the ProofPoint system rewrites the links in suspicious messages so that they look something like "https://urldefense.proofpoint.com/v1/url?u=http://website.com&s=long...". The rewritten URL routes your click through ProofPoint, which checks the destination against its threat data at the moment you click: if the destination is known to be malicious, you are blocked; otherwise you are forwarded to the page. Because the check depends on what ProofPoint knows at click time, a rewritten link is not a guarantee of safety, and a brand-new phishing site can still load.
If a link in an email has not been rewritten by ProofPoint, do not click it. Copy the link address, paste it into your browser's address bar and read the domain before you press Enter, or, safer still, type the address you already know to be correct.
To guard against phishing scams, consider the following:
- Reputable organizations should never use email to request that you reply with your password, full Social Security number, or confidential personal information. Be suspicious of any email message that asks you to enter or verify personal information, through a website or by replying to the message itself. Never reply to or click the links in such a message. If you think the message may be legitimate, go directly to the company's website (i.e., type the real URL into your browser) or contact the company to see if you really do need to take the action described in the email message.
- Read your email as plain text.
Phishing messages often contain clickable images that look legitimate; by reading messages in plain text, you see the URLs those images point to as literal text. Rendering HTML also lets a message pull in remote content, which can confirm to the sender that your address is live, and exposes any flaw in the mail client's rendering engine to whoever sends you mail; such flaws have been used to spread viruses, worms and Trojans.
- If you choose to read your email in HTML format:
- Hover your mouse over the links in each email message to display the actual URL. Check whether the hover-text link matches what's in the text, and whether the link looks like a site with which you would normally do business.
- On an iOS device, tap and hold your finger on a link to display the URL. On Android, whether a long press previews the link depends on the mail app you use.
- Before you click a link, check whether the sender digitally signed the message. A valid signature shows that the message was sent by whoever holds the signing key; it does not vouch for the links inside it, and a compromised account can still send signed mail.
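The two checks above, reading the real destination of a ProofPoint-rewritten link and comparing a link's visible text with where it actually goes, can be done on the message source without clicking anything. The script below is an added example, not IT Services' code or a ProofPoint tool: it unwraps URL Defense v1 and v2 links (the v3 format uses a different scheme and is not handled), then flags anchors whose text names one host while the href visits another, and anchors that leave the trusted domain. SAMPLE_HTML and the hostnames uark-login.example and 198.51.100.7 are constructed for the demonstration.

```python
"""Inspect the links in an HTML e-mail without clicking them: unwrap
Proofpoint URL Defense rewrites (v1 and v2 formats) to recover the real
destination, then compare that destination with what the visible link
text claims.  Added example; SAMPLE_HTML is a constructed message."""
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# URL Defense v1 percent-encodes the target in u=; v2 additionally maps
# '/' to '_' and '%' to '-'.  v3 uses a different scheme and is not
# handled here (assumption: only v1/v2 links appear in the input).
_V1 = re.compile(r"^https?://urldefense\.proofpoint\.com/v1/url\?u=([^&]+)")
_V2 = re.compile(r"^https?://urldefense\.proofpoint\.com/v2/url\?u=([^&]+)")


def unwrap_urldefense(href: str) -> str:
    """Return the original target of a URL Defense link, else href unchanged."""
    m = _V1.match(href)
    if m:
        return unquote(m.group(1))
    m = _V2.match(href)
    if m:
        return unquote(m.group(1).translate(str.maketrans("-_", "%/")))
    return href


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href", ""), ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append(tuple(self._current))
            self._current = None


# A hostname or URL that the link text appears to promise.
_CLAIMED_HOST = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})", re.I)


def _under(host: str, suffix: str) -> bool:
    return host == suffix or host.endswith("." + suffix)


def check_links(html: str, trusted=("uark.edu",)):
    """Return (visible_text, real_target, verdict) for each link.

    verdicts: "text-href-mismatch" when the text names a different host than
    the link visits, "external-host" when the target is outside the trusted
    domains, otherwise "ok".
    """
    collector = _LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        target = unwrap_urldefense(href)
        target_host = (urlsplit(target).hostname or "").lower()
        claim = _CLAIMED_HOST.search(text)
        if claim and not _under(target_host, claim.group(1).lower()):
            verdict = "text-href-mismatch"
        elif not any(_under(target_host, t) for t in trusted):
            verdict = "external-host"
        else:
            verdict = "ok"
        findings.append((text.strip(), target, verdict))
    return findings


# Constructed sample: one lookalike link wrapped by URL Defense v2, one
# genuine link wrapped by v1, and one bare link to an IP address.
SAMPLE_HTML = """
<p>Your mailbox is over quota. Restore it at
<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__uark-2Dlogin.example_verify-3Fid-3D42&amp;d=DwMFaQ">https://my.uark.edu/verify</a></p>
<p>or sign in at <a href="https://urldefense.proofpoint.com/v1/url?u=https://my.uark.edu/&amp;k=abc">my.uark.edu</a>.</p>
<p><a href="http://198.51.100.7/login">Click here</a> if the links above do not work.</p>
"""

if __name__ == "__main__":
    for text, target, verdict in check_links(SAMPLE_HTML):
        print(f"{verdict:20} {text!r:32} -> {target}")
```

Run it against a saved message body (most mail clients can save or show the HTML source) and read the verdicts before deciding whether to click. The first sample link is the case the page warns about: the text says my.uark.edu, the wrapper says urldefense.proofpoint.com, and only the unwrapped target shows the lookalike host.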
Below is an example of a clever phishing scam that uses legitimate-looking information pulled from real university correspondence. It includes a link that, once clicked, goes to a page designed to capture and collect your personal account information.
The image below includes notes by the IT Services Security Team pointing out how accurate the information appears to be. Pay attention to the email address in the From field. All legitimate email coming from the University of Arkansas will be sent from an @uark.edu address. The reverse does not hold: the From field can be forged, and a compromised university account can send phishing from a genuine @uark.edu address, so an @uark.edu sender is necessary but not sufficient.
IT Services will always provide contact information where you can call to verify an email. If you receive an email with a link to a login page, do not click it; copy the address, paste it into your browser's address bar and confirm that the domain is the one you intended before you press Enter.
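The From field is only the visible part of what a message carries; the full headers (the same ones reports to the security team should include) record the address behind the display name, where replies and bounces would really go, which host connected to the university mail server, and whether that server's SPF, DKIM and DMARC checks passed. The script below is an added example, not IT Services' code: it reads those headers from a raw message and lists the reasons for suspicion. Both messages, the hosts mailer.example and smtp.uark.edu, and the IP addresses are constructed; the script assumes the topmost Received line and the Authentication-Results line were written by the university's own receiving server, since a sender can insert fake copies of either lower down.

```python
"""Pull the facts that matter out of a message's full headers: the address
behind the display name, whether Reply-To and Return-Path lead somewhere
else, the IP that actually connected to our mail server, and the SPF/DKIM/
DMARC results our server recorded.  Added example; both messages below are
constructed."""
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed: a lookalike that forges the From domain.  Assumption: the
# Authentication-Results and topmost Received headers were added by our own
# server (mx.uark.edu); the parser trusts them as given.
SPOOFED = """\
Return-Path: <bounce@mailer.example>
Received: from mailer.example (mailer.example [203.0.113.9])
  by mx.uark.edu with ESMTP id 4F1A2B3C
Authentication-Results: mx.uark.edu; spf=fail smtp.mailfrom=mailer.example;
  dkim=none; dmarc=fail header.from=uark.edu
From: "UARK IT Services" <helpdesk@uark.edu>
Reply-To: uark-support@mailer.example
To: student@uark.edu
Subject: Action required: verify your account

Your mailbox will be suspended unless you verify it today.
"""

# Constructed: what a genuine internal notice looks like in the same headers.
LEGIT = """\
Return-Path: <helpdesk@uark.edu>
Received: from smtp.uark.edu (smtp.uark.edu [192.0.2.25])
  by mx.uark.edu with ESMTP id 4F1A2B3D
Authentication-Results: mx.uark.edu; spf=pass smtp.mailfrom=uark.edu;
  dkim=pass header.d=uark.edu; dmarc=pass header.from=uark.edu
From: "IT Services" <helpdesk@uark.edu>
To: student@uark.edu
Subject: Scheduled maintenance this weekend

No action is required from you.
"""


def _domain(addr: str) -> str:
    return addr.rpartition("@")[2].lower()


def analyze_headers(raw: str, org_domain: str = "uark.edu") -> dict:
    """Summarise sender-related headers and list the reasons for suspicion."""
    msg = message_from_string(raw, policy=policy.default)
    display, from_addr = parseaddr(str(msg.get("From", "")))
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))
    _, return_path = parseaddr(str(msg.get("Return-Path", "")))
    auth = str(msg.get("Authentication-Results", ""))
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    # msg.get returns the first (topmost) Received header, the one our own
    # server wrote; lower ones can be fabricated by the sender.
    top_received = str(msg.get("Received", ""))
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", top_received)

    flags = []
    from_domain = _domain(from_addr)
    if not (from_domain == org_domain or from_domain.endswith("." + org_domain)):
        flags.append("from-not-org-domain")
    if "@" in display:
        # e.g. From: "helpdesk@uark.edu" <someone@elsewhere>
        flags.append("display-name-contains-address")
    if reply_to and _domain(reply_to) != from_domain:
        flags.append("reply-to-differs")
    if return_path and _domain(return_path) != from_domain:
        flags.append("return-path-differs")
    for mech in ("spf", "dkim", "dmarc"):
        outcome = results.get(mech, "missing")
        if outcome != "pass":
            flags.append(f"{mech}-{outcome}")
    return {
        "display_name": display,
        "from": from_addr,
        "reply_to": reply_to,
        "return_path": return_path,
        "connecting_ip": ip.group(1) if ip else "",
        "auth": results,
        "flags": flags,
    }


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, analyze_headers(raw))
```

The spoofed sample passes the "is it @uark.edu?" test on the From line and fails everything else: replies go to another domain, the bounce address is elsewhere, the connecting host is not a university server, and DMARC failed for the uark.edu From domain. That is why the report address asks for full headers rather than a forwarded copy, which drops them.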
Protect Yourself and Others from Phishing
Phishing attacks try to trick or pressure you into giving up your personal information, but there are ways to protect yourself:
- Be suspicious of any email asking you to enter or verify personal information through a website or by replying to the message itself. Never reply to or click the links in such a message.
- If you feel the message may be legitimate, go directly to the company's website by typing the URL in your browser, or contact the company to see if you really do need to take the action described in the message.
Remove Bad Email
When you recognize a phishing message, delete the email message from your inbox, and then empty it from the deleted items folder to avoid accidentally accessing any links contained in the message.
Email with HTML enabled lets you send and receive formatted text, hyperlinks and images. Plain text email shows none of that formatting: images are not displayed, and every link appears as its actual address rather than as clickable text that can point somewhere else.
- To avoid malicious links and other hidden risks from phishing scams, disable HTML in your email application and enable plain text.
- When your mail client renders HTML or other non-text formatting, a message can load remote content and reach any flaw in the client's rendering engine, which leaves your computer more vulnerable to viruses, worms and Trojans.
- Open the Help section of your email application to learn how to disable HTML.
Take Action and Report Phishing
If you think you have fallen for a phishing scam or provided your information to a malicious website:
- Change your password immediately at password.uark.edu.
- Email firstname.lastname@example.org providing the details of the phishing scam and state that you have changed your password.
Some malicious email is so well disguised that it slips past security measures unless reported. Phishing scams, spam and other abusive or suspicious email should be reported to email@example.com with full header information (most mail clients expose this under an option such as "View source" or "Show original"); the headers record the path the message actually took, which the visible From line does not.
Prevent More Phishing
If you receive a phishing message, do not reply. If you personally know the sender, contact them by phone or another channel, not by replying to the message, to let them know that their account has been compromised. They should go to password.uark.edu and change their password immediately.