Phishing E-mails

Phishing is when criminals send malicious or misleading e-mails in an attempt to gain your information (e.g., login info, credit card details, money, etc.) for criminal use. Criminals try to acquire personal and financial information, as well as sensitive University information and resources. They may use e-mails to infect computers with ransomware or Malware. Malicious e-mails often use urgent language, ask for personal information, and/or have grammatical, typographical, or other obvious errors.

Recent Phishing Alerts

Check the Security Alerts for recent phishing campaigns.

Phishing Scams

Phishing scams are designed to induce panic in the reader. These scams attempt to trick recipients into responding or clicking immediately, by claiming they will lose something (e.g., e-mail, bank account). Such a claim is always indicative of a phishing scam, as responsible companies and organizations will never take these types of actions via e-mail.

Avoid Phishing

Tips to avoid phishing:

• Do not click on links in e-mail.
• The safest practice is to read your e-mail as plain text.
• If you choose to read your e-mail in HTML format:
  • Hover your mouse over the links in each e-mail message to display the actual URL. Check whether the hover-text link matches what's in the text, and whether the link looks like a site with which you would normally do business.
  • Before you click a link, check to see if the message sender used a digital signature when sending the message. A digital signature helps ensure that the message actually came from the sender. You should remain vigilant in recognizing the warning signs of phishing scams.

Identify Phishing

The following articles will help you to identify phishing attempts.

• How to recognize Iowa State e-mail from phony look-alikes
• Phishing examples - Can you spot the difference
• Manage and Organize your Exchange Inbox

The following videos will help educate you on how to become more Cyber and Phishing aware.

• Cyber Security video from ISU IT Services - Don't Be Fooled
• Cyber Security Awareness - Phishing Attacks - from SANS.org

Report Phishing

If you received a suspicious e-mail:

Report the e-mail to the Solution Center.

If the Phish impersonates an Iowa State address or service:

Forward the entire message with full e-mail headers to solution@iastate.edu.

Note: For CyMail users, if your message is rejected when you report spam or phishing to solution@iastate.edu:

• In the message you would like to report, click the down arrow next to the Reply arrow and select Show original.
• In the Original Message screen, click Download Original to download the page as a .txt file.
• Compose a new message, attach the file you downloaded, and send the new message and attachment to solution@iastate.edu.

If you are a CyMail user:

Report the phish to Google by using the report phishing option.

If you receive a phish impersonating another institution or business:

Contact the real organization to let them know. e.g., a bank, retailer, or other institution.

Recover from Phishing

If you gave personal information to a phishing e-mail or on a suspicious webpage, your account may be compromised.

Complete the following:

• Change your Iowa State password
• Contact the Solution Center
• Carefully review any online account for which you gave information