As many of you probably saw this weekend, yet another round of fraudulent "phishing" emails has been sent across campus, masquerading as an official email warning users that their accounts are about to be shut down for exceeding their storage limit. While it may be easy for many of us to write these off as nonsense, the newest batches have become progressively more convincing, to the point that even seasoned users would need a bit of research to determine their authenticity.
From a purely technical standpoint, this fake email is a thing of beauty
As we have noted multiple times during these campaigns, the Help Desk will never solicit your account information like this. All of our account work is done via our ePass website (epass.plu.edu), and we will not intentionally put your account into a position where it cannot be recovered.
Given how elaborate these emails continue to become, we felt it would be appropriate to do a more extended write-up with a small FAQ to help better inform the PLU community about these phishing emails.
- PLU (I&TS) will never solicit your account information via email
- If you ever have even the slightest inkling that an email might be fraudulent, do not do anything with it and call the Help Desk at 253-535-7525
- If you have clicked on any links in these emails or responded to them, call the Help Desk at 253-535-7525
- We post up-to-date information on the phishing emails going around on our Twitter @PLUHelpDesk
- This phishing campaign has been attacking users for ~5 months, taking over PLU accounts and sending more phishing emails from PLU accounts
- They often include PLU logos to mimic official PLU emails and claim to be from the non-existent PLU Webmail Management Team
FAQ:
Q: What exactly is a phishing email?
A: A phishing email is basically an email meant to trick users into revealing sensitive information, "baiting" them into giving out private info such as passwords, credit card information, etc.
Typically, a phishing email will masquerade as coming from an official source, often claiming to either have important information for the user or claiming that their "account will be terminated" if the user doesn't give out their password information.
Unfortunately, methods will vary from phishing email to phishing email.
Q: How can I tell if an email is a phishing email?
A: Most phishing emails are plagued with:
- Spelling errors
- Grammatical mistakes
- Strange use of punctuation
- Bits of "code" showing in the email
- Vague claims or threats towards your account
- Inconsistent or incorrect information about the account system
The only give-away on this wave of phishing emails was that the process for updating account info was completely wrong (we do everything through epass.plu.edu), and that we would never shut down your account in this fashion. Also, we don't have a Webmail Management Team, and nothing would come up if you searched it.
These phishing emails were so well crafted, the only thing "wrong" about them was that they didn't send you to our actual epass.plu.edu page, which was done by design.
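The two tells named above (a link that does not go to epass.plu.edu, and the non-existent Webmail Management Team) can be checked mechanically on a message that asks for account action. This is an added example, not Help Desk code; the sample message, its sender address and the example.net host are constructed placeholders.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

OFFICIAL_HOST = "epass.plu.edu"          # account site named on this page
FAKE_SENDER = "webmail management team"  # team the page says does not exist

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def review_message(raw):
    """Return the reasons a message matches the campaign traits listed above."""
    msg = message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    findings = []
    if FAKE_SENDER in f"{msg.get('From', '')} {text}".lower():
        findings.append("claims to be from the non-existent Webmail Management Team")
    collector = LinkCollector()
    collector.feed(text)
    for href, shown in collector.links:
        host = (urlsplit(href).hostname or "").lower()
        if host != OFFICIAL_HOST:  # exact match: epass.plu.edu.example.net fails
            note = f"link goes to {host or 'no host'}, not {OFFICIAL_HOST}"
            if OFFICIAL_HOST in shown.lower():
                note += " (visible text shows the official site)"
            findings.append(note)
    return findings

# Constructed sample; the sender address and link host are placeholders.
SAMPLE = """From: PLU Webmail Management Team <notice@example.net>
Subject: Storage limit exceeded
Content-Type: text/html; charset=utf-8

<p>Your mailbox is over its limit. <a href="http://epass.plu.edu.example.net/update">https://epass.plu.edu</a></p>
"""
if __name__ == "__main__":
    print("\n".join(review_message(SAMPLE)))
```

The host comparison is an exact match on purpose: a lookalike that merely begins with the official name, as in the sample, is still reported.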
Q: Why is this still happening months after the initial email? Can't these emails be stopped?
A: The way this particular phishing campaign is working is to send out as many emails as possible to PLU emails, collect a few accounts, sit on these accounts for a bit while sending out more emails, and continue to collect more accounts. Every time the attackers get another account, they can send out hundreds of emails; if even one person responds, that's another account and another couple hundred emails.
It's a vicious cycle that we can only break by educating users about the existence of these emails. While we do our best to shut down the accounts as soon as we receive a report, usually we don't get a report until after a few minutes of sending, which can be hundreds of emails by that point.
We are considering other alternatives on the system side, but we need to be very careful about such alterations, as they can affect the delivery of legitimate emails as well.
Q: What do the attackers have to gain by doing this?
A: Just more sources to spam people with. Once the spammers have a sufficient number of accounts stocked up, they can start sending out spam emails to other people. Often we will cleanse an account and find that it has been altered to look like a bank or a school or a credit union.
Q: What should I do if I have responded to one of these emails?
A: Change your password immediately by going to epass.plu.edu and call the Help Desk at 253-535-7525. We will need to walk you through cleaning your account to ensure that no one else has access.
Q: Is there anything I can do to help combat these emails?
A: Yes! Continue to report them to us every time you get one. It may seem futile or redundant, but the sooner we know about a new wave, the sooner we can take action.
Tell your colleagues and friends about the phishing emails and about how they can learn more about them (@PLUHelpDesk); the more people that know, the better chance we have that the phishing waves will be ineffective.