Phishing FAQ & Mobile Security Checklist
Phishing Emails
Phishing emails are deceptive messages designed to trick recipients into revealing sensitive information such as passwords, financial details, or personal data.
Protect Yourself from Phishing Attacks!
Cybercriminals craft emails to express urgency, authority, intimidation, potential reward, and/or need. Cybercriminals want your money, data, identity, and access to your home and ETSU networks. Double check emails with [EXTERNAL] or [SUSPECTED SPAM] tags. Report suspicious emails with the Phish Alert button in the Outlook toolbar. This Phish Alert Knowledge Base Item item provides step-by-step instructions.
-
What is a Phishing eMail?
Phishing Emails are sent by cybercriminals hoping to trick victims into revealing sensitive information (passwords, bank account numbers), applying for non-existent jobs (job fraud/overpayment schemes), re-routing paychecks, paying for items that were never ordered, or buying giftcards or sending money to cover shipping costs for free gifts. Ultimately, cybercriminals want to empty your wallet!
-
How Can I Recognize a Phishing Email?
Look for language that expresses urgency, authority, intimidation, potential reward, and/or need.
- Do you feel an urgent need to respond?
- Does the email offer something that seems too good to be true?
- Does it sound like you will be in trouble if you don't respond immediately?
- Ask yourself, did I expect to receive this email?
Other possible indicators:
- Do links in the email lead you to forms that are NOT on an ETSU webpage?
- Hyperlinks in the email that lead to non-ETSU webpages (check by hovering over the link without clicking) may be phishing attempts.
- Check to see if the email is from a non-ETSU account. Check to see if there is an "external" tag in the subject line.
If you see or suspect any of these criteria are met, the email may be a phish attempt.
-
Examples of Phishing Emails
As a general rule, job offers with the following characteristics should be viewed with suspicion:
- Promises of earning hundreds of dollars per week for minimal work
- Fully remote positions with no requirements or experience needed
- Flexible “make your own hours” messaging
- Links to non-ETSU websites using ETSU branding and requesting extensive personal information
- Instructions to reply using a non-ETSU email address
Some specific examples include:
- part-time job offer: $400 per week; 2-3 hours per week; remote work; set your own hours; first person to apply gets the job (the criminals get your banking info and clean out your account)
- free piano: an elderly person is offering a free piano to someone who will care for it (you'll pay plenty of shipping fees but you'll never receive a piano)
- account closure: you are asked to confirm your username and password or your account will be permanently closed (if you send the information, your account is immediately compromised)
- unexpected invoice: an invoice shows you were charged $400 for something you did not buy; you call the sender and provide bank or credit card details to be re-imbursed for the charges (your bank account gets cleaned out or your credit card gets maxed)
- jury duty or unpaid fines: you are threatened with arrest if you do not respond (you are asked for payment to get out of jury duty or to cover your fines)
- boss needs a favor: you are asked to purchase and send gift card numbers to a senior administrator stuck in an important meeting (you will never get your money back)
If you receive a message like this, please report it as phishing using the “Report Phish” option in the top menu of your ETSU Outlook account. ITS does not recommend responding to or engaging with the email in any way. Reporting phishing emails allows ITS' automated systems to analyze the threat and remove it from other inboxes, helping protect the campus community.
-
How Do I Report a Phish?
Use the Phish Alert button in the upper right corner of your ETSU Outlook email account to report the email to our automated Phish response system. The system alerts ITS to the phish, determines if the email is a phish, and quarantines the message if it is determined to be a phish. Additional details can be found in the Phish Alert Knowledge Base Item.
The sooner you report a phish, the less harm it can do to others who might not recognize it as a phish.
-
What if I am Unsure About an Email?
If you receive an email from an ETSU office or employee and you think it might be legitimate but something about the email just doesn't feel right, call the sending office and ask them if they sent the email.
You could also call the ITS Help Desk (423-439-4648) and check with them. It's always better to spend a few extra minutes checking and keep your accounts and information safe.
-
What is ETSU Doing to Make My Email Safer?
- We employ multiple spam and phish filters but some unwanted email still slips through, which is why the Phish Report button in Outlook is so important.
- An automated AI-based system evaluates phish reports and initiates "rips" to remove the phish emails from inboxes.
- As we receive phish alerts, we block senders, search and destroy their messages, and work with cloud providers to revoke criminal email and web accounts.
- We share detailed information from our phish reporting system with cloud vendors and agencies fighting cybercrime. There is no faster way to report a phish than using the Phish Alert button in Outlook.
-
What Happens if I Report Spam as a Phish?
Reporting Spam with the Phish Alert button has no effect as our AI-based phish evaluation system does not identify spam as phish.
- Spam Emails: When you receive spam emails, you should block the sender and move the message to your junk folder. To block the sender, right click on the email from your inbox. However, you do not need to hit the Phish Alert button in Outlook for spam emails.
- Phishing Attempts: Yes, please report immediately. This Phish Alert Knowledge Base item provides step-by-step instructions.
To get rid of spam, use features in Outlook to block the sender or move the email to the junk folder. If you move a sender to the junk folder, future emails from them will go to junk. Alternately, use the traditional unsubscribe link in the body of the sender's email (although this does not always work).
CYBER-TIPS TO HELP PROTECT YOU, YOUR ACCOUNTS, AND YOUR MOBILE DEVICES
If you need help with any items below, reach out to the ITS Help Desk.
If your laptop or mobile device is stolen
- report the theft to ETSU Police Department and ask for the report number
- get online ASAP and change your passwords
- report the theft to your insurance company
- recovery rates for stolen laptops are less than 2% nationally (per FBI); work to prevent theft!
David Collins Way Road Closur...