Audience: All Franklin and Urbana University users with University Office365 email accounts.
Disclaimer: The results and functionality of the following article only apply to audience listed above.
Phishing or Malicious Emails
Definition: Phishing is the fraudulent attempt to gather personal information such as passwords, identity information, or financial information.
Action Item 1. Determine if it is a phishing email using the section below entitled "How to Detect Phishing Emails or Malicious Emails." If the email is a phishing email, please follow the other 3 action items below.
- Remember, don't click on any links or enter any personal information unless you determine an email is completely legit. Use the criteria in sections of this article below to determine if the email is legit.
Action Item 2. Reset your password: If you have entered any personal information, best practice is to promptly change your University password.
Action Item 3. Forward the email to the Help Desk as an attachment, so that we can investigate. If you have already forwarded a copy of the email, thank you for your prompt action!
Instructions to forward an email as an attachment: Start a new email to email@example.com > drag the phishing email into the body of the new email > Send.
**There is an image at the bottom of this document showing the process**
Action Item 4. Mark the email as Junk:
Instructions: Click Here
How to Detect Phishing Emails or Malicious Emails
- Move your mouse over links in emails and it may show a different address than the one displayed.
- Phishing emails often have generic greetings and signatures such as "Dear User" and "Sincerely, IT Helpdesk," etc.
- Don't respond to emails that appear to be official, but come from un-official email addresses.
- Be wary of anything that gives a sense of urgency, or states that it requires immediate action
- Be wary of too-good-to-be-true offers such as free airline tickets or vacation
- Be wary of SMS messages that says it is from "5000" or some other number that is not a cell number. Scammers often mask their identity by using email-to-text services to avoid revealing their actual phone number
Please note that Franklin University will NEVER ask for your password through e-mail, so be wary of anything that says otherwise.
Detect Phishing Websites
- Check for slight misspellings - in the URL, company name, etc. For example, paypa1.com instead of paypal.com
- Check that you are on a legit website - Just because the word "Franklin" or “Urbana” is in the web address doesn't mean that it is a legitimate website.
- Be wary of pop-ups - Some phishing sites may take you to a legitimate website, but then prompt you for your username and password.
- Use additional software - Many browsers have add-ons/extensions/plug-ins that can help detect phishing sites.
- Please note that Franklin University will NEVER ask for your password through e-mail, so be wary of anything that says otherwise.
- Don’t enter sensitive or personal information on unsolicited websites or popup windows.
- Go to links yourself, rather than clicking on links in emails
- Don't click anywhere in suspicious e-mails—even in what may appear to be white space.
- Don’t open attachments in unexpected or suspicious e-mails or instant messages.
- Don’t send passwords, bank account numbers, or other private information in an email.
- Don't accept social media friend requests from people you don't know
- Don’t provide identity information, including credit card numbers, when you receive an unsolicited e-mail or phone call.
- Look for 'https://' and a lock icon in the address bar before entering any private information on a website
- Install and regularly update an anti-virus program that can scan email.
- If an email from a friend or colleague looks suspicious, call them and ask if the email is legitimate
- Call your financial institutions directly using the number found on the back of your credit/debit card or your monthly statement
- If a person is requesting for personal information from an unrecognized number, ask for a case number and then call back through the main number.
- Never use your University credentials (username/password) to login to other non-University websites
- Never respond to a request for your password sent by e-mail, even if the request appears legitimate.
- When in doubt about an email, contact the Help Desk.