Recent Phishing Attempts
Below are phishing attempts that have been reported in the last two weeks at Salisbury University.
Other Phishing Attempts "In The Wild"
While these haven't surfaced at SU yet, these are reported to be active at this time (external links below).
What is Phishing?
Phishing is a type of email (or other communication) in which the sender attempts to trick the recipient into giving out personal information, such as account names and passwords, usually by impersonating official email. Like fishing, its homophone, phishing casts out many emails hoping that someone will "bite" and fall for the deception. Phishing emails often use scare tactics to put the recipient off guard, threatening consequences such as permanently blocking your account or losing refunds, to prompt the recipient into acting quickly (and not carefully).
So what does a phishing email look like?
A phishing email will attempt to look like an official email, usually from a well-known company like Facebook. The senders may hijack and alter an official email, or they may attempt to be more generic, avoiding mentioning a specific company and instead referring to themselves in more general terms like "administrator". They will usually reference some type of account problem, usually concerning the security of your account, and will threaten dire consequences if you do not act immediately.
Cyber-criminals aren't very well known for their spelling acumen, and as such the email will likely contain many spelling and grammar mistakes. Professional companies care about how their emails and correspondence look, and at the very least run a spell-check or grammar check on their emails prior to sending, if they aren't employing professional copy editors. Not every email with spelling errors is nefarious, but it is one thing that should raise suspicion.
While links are a popular way to share information via email (and a preferred method for file sharing), you should be suspicious of emails with links in them, especially within unsolicited emails. Phishing emails may use HTML to disguise a link by making it appear to go somewhere else. For example, the text in this link says "http://www.microsoft.com", but the link actually points to http://www.salisbury.edu/helpdesk/security/. You can check this yourself by hovering over the link. In Outlook, the real destination will show in a yellow box by your cursor; in web browsers it usually shows up in the status bar at the bottom of the window.
Keep in mind too that phishing isn't limited to email, though it is the most common method. Phone calls and postal mail are also used, though less commonly.
So what should you do if you receive a phishing email?
If you think you have received a phishing email, delete it. Don't click on any sort of link, or respond to it at all.
How do they get my email?
In most cases, they haven't actually gotten your email address. Most of these are sent to spoofed addresses, which means the senders generate random combinations of names and domains, and some of them happen to be legitimate addresses. Unfortunately, that also means that from time to time you get bounce-backs from messages you never sent, because your address was used as the forged sender.
In other cases, they harvest addresses from the web (looking for the @ symbol), buy email lists, or obtain them by tricking someone you know or have emailed.
What does SU do to help protect us from phishing emails?
SU blocks known fraudulent email from ever reaching the campus at our firewall, based on a number of triggers and blacklists (some of which we cover above). Email that is suspicious, but doesn't reach the blocked threshold, will receive the subject prefix [SPAM] when delivered, to indicate that it may be spam. Our firewall also blocks certain known bad attachments, and quarantines others that may or may not be malicious (which the recipient must release or block themselves).
In addition to our security measures, Outlook has built-in measures as well, blocking some attachments and employing its own Junk Mail Filter.
However, because of the ever-changing tactics of these cyber-criminals, it's impossible to block every phishing email from reaching your mailbox. Blocking every malicious email would also mean blocking legitimate email, as many of the factors that indicate a malicious email (word triggers, spelling and grammar mistakes, etc.) also occur in legitimate email.
As such, we take other security measures. Anti-virus (Microsoft Forefront) is installed on all campus computers, and is updated and managed by IT on a regular basis. Outgoing mail is also monitored for suspect activity, and email sent outside of the system is limited to a maximum number of messages per timeframe to prevent spam. Our password security and expiration policies are also a measure to minimize the impact of these emails, and we have pages such as this one and regular emails and communications to the campus as reminders of campus cybersecurity.
Should I report it?
This is up to you. If you do want to report these, there are a few places where you can submit your report.
There are a number of government agencies and non-profit organizations that gather these types of emails for investigation. When sending these emails, be sure to Forward as an Attachment when possible, as that will include the email headers that these agencies and organizations need to track the originator's address.
- The Federal Trade Commission (FTC) has set up an email address, spam@uce.gov, to receive spam and phishing complaints.
- The Anti-Phishing Working Group accepts reported phishing emails at reportphishing@antiphishing.org.
- The United States Computer Emergency Readiness Team (US-CERT) accepts phishing reports at phishing-report@us-cert.gov.
- If the email is impersonating a specific company, forwarding the email to that company's help or support team may also be recommended.
- You can also forward the email (as an attachment, preferably, to maintain message headers) to ITSecurity@salisbury.edu or spam@salisbury.edu (or both).
You can also contact the Help Desk if you are unsure as to whether an email is legitimate or not. If it isn't, we may recommend that you report it to one or several of the above addresses.
What should I do if I responded to one of these?
If you think you've responded to one of these emails, or clicked on one of the links, there are several things you should do.
- Contact the Help Desk immediately at 410-677-5454 or by forwarding the suspected email as an attachment to helpdesk@salisbury.edu and InfoSec@salisbury.edu. Let us know in the email how you have interacted with the message (clicked a link, responded, etc.).
- Change all of your passwords. Use the Forgot my Password link on GullNet's login page (http://www.salisbury.edu/gullnet) to receive a new GullNet password, and reset your Active Directory/Email password at http://mypassword.salisbury.edu. You should also reset any other passwords you have, change PINs, etc.
- Contact your bank about putting a fraud alert on your credit reports. You can contact the credit agencies directly as well; information can be found at http://www.fightidentitytheft.com/fraud_numbers.html.
- Close any accounts that may have been compromised, and monitor your accounts for suspicious charges monthly.
- Double-click on the Forefront logo in your task bar and choose Scan Now.
More Information
For more information about phishing, you can check out these helpful websites (where a lot of this information was gathered from):