Phishing is defined as "the activity of defrauding an online account holder of financial information by posing as a legitimate company." Phishers attempt to steal your credentials through email, or by sending you to fake websites that trick you into entering them. A phishing attempt can also lead to your identity being stolen. You can learn how to identify phishing messages and avoid disclosing your information.
Michigan State University continues to be a target of phishing attacks. Some of these emails are extremely sophisticated and have included real engineering email addresses and official signatures. Some of the fake websites have even matched the existing website.
You likely have valuable MSU and Engineering accounts, and from time to time you will be the target of phishing. Please exercise care when receiving emails, and if you have any questions, contact DECS Support at support@egr.msu.edu, 353-8891, or stop by 1325 Engineering Building.
Tips for Recognizing a Phishing Attempt
- Sender's email address. If the address doesn't match the sender's known email address, then it is probably a phishing attempt.
- Non-matching URLs. If the address a link actually goes to doesn't match the link shown in the email, then it is probably a phishing attempt. You can check a URL by hovering over the link; the actual web address will appear at the bottom of your email client.
If you can't see where a URL links to when you hover over it, then you can try copying and pasting the link into a Microsoft Word document. After you copy the link into Word, right-click on the pasted link and select "Edit Hyperlink" from the menu. Selecting "Edit Hyperlink" will open a pop-up window in Word. This window will have an Address field that will show the actual URL from the email. If the URL goes to a different website, then it is probably a phishing attempt.
- Information verification. Never provide account information through email. If the email asks you to verify your personal information through email, then it is a phishing attempt.
- Ominous warning/threat. Phishing attempts try to incite fear, worry, or a sense of urgency. If an email says that your account will be suspended shortly if you don't update your information, then it is a phishing attempt.
- Undisclosed-recipients/unlisted-recipients. If the email's recipients are listed as undisclosed-recipients/unlisted-recipients, then it is probably a phishing attempt.
- Suspicious Attachment. If the email has an unexpected attachment, such as a file with the extensions .exe, .js, .wsh, .scr, .zip, .com, or .bat, then it is probably a phishing attempt.
- Verification by clicking on a link. If the email requests that you verify your account by clicking on a link, then it is probably a phishing attempt.
- Plain text/absence of logos. Most legitimate email messages will be written with HTML and they will probably have a mix of text and images. If the email message looks different than what you're used to seeing, then it is probably a phishing attempt.
- Generic greeting. If the email is addressed with a generic phrase like "Dear valued customer" or "Dear Yourusername", then it is probably a phishing attempt.
How To Protect Yourself from Phishing
- Think before you act on an email. Be wary of any communications that implore you to act immediately or warn of negative consequences if you do not act now.
- If an email looks suspicious, even if it is from someone you know, before you act on the email, contact the DECS Support Office at 517-353-8891 or forward the mail to support@egr.msu.edu.
- Do not provide or share your password with anyone. There is no circumstance in which anyone else should have the password to your account.
Test Your Phishing Attempt Recognition
DECS, along with several information technology companies, has produced quizzes to test your phishing I.Q. Do you think you can recognize a phishing attempt email or website? Take the tests to find out!
- Federal Trade Commission - "Phishing: Don't Take the Bait"
- Dell SonicWALL "Phishing IQ Test"
- OpenDNS "Phishing Quiz"
Make sure Spam Filtering is Enabled on Your Engineering Email Account
DECS provides many services to our users, including the ability to filter out spam messages sent to your engineering email address. Spam Filtering is enabled by default on new accounts but you can check your status using the following steps:
- Using your EGR username and password, log in to the My Account page of this website.
- Click Email Spam Filtering in the menu under Account.
- The page will display a message with your spam filter status.
- To change the status, click in the checkbox next to Enable Spam Filtering and then click Save Filter.
- Log out.
If legitimate email is being sent to your spam folder, you can set up email allowlisting on your account. You can also forward the email to support@egr.msu.edu and we can assist you with allowlisting the email address. You can add the email to your allowlist by the following steps:
- Using your EGR username and password, log in to the My Account page of this website.
- Click Email Spam Filtering in the menu under Account.
- The page will display a message with your spam filter status.
- Click Allowlisting (Accepting).
- To enable allowlisting, click the checkbox next to Enable Allowlist.
- Add the email addresses that you want to allow (one per line). These can contain a wildcard (*), e.g. *@msu.edu would be all msu.edu addresses. It is NOT recommended that you allowlist your own @msu.edu address since this will prevent spam checking on forwarded or spoofed email.
- Press Save to save changes.
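An added check for the allowlist caveat above (not DECS code): it lists the allowlist entries that also match your own addresses, which is the case the step warns against, since mail that merely claims to come from you would skip spam checking. It assumes entries are compared case-insensitively against the full sender address with * as the only wildcard; the function names and sample addresses are constructed.

```python
import re

def entry_regex(entry):
    """Compile one list entry, treating '*' as the only wildcard."""
    parts = (re.escape(p) for p in entry.strip().lower().split("*"))
    return re.compile(".*".join(parts))

def risky_allowlist_entries(entries, own_addresses):
    """Return (entry, matched own addresses) for entries that cover your own mail."""
    risky = []
    for entry in entries:
        if not entry.strip():
            continue  # skip blank lines in the one-per-line list
        rx = entry_regex(entry)
        hits = [a for a in own_addresses if rx.fullmatch(a.lower())]
        if hits:
            risky.append((entry.strip(), hits))
    return risky

# Constructed sample data; the addresses are placeholders, not real accounts.
OWN_ADDRESSES = ["netid@msu.edu", "netid@egr.msu.edu"]
SAMPLE_ALLOWLIST = """\
*@msu.edu
colleague@example.org
*@lists.example.com
NetID@EGR.MSU.EDU
"""

if __name__ == "__main__":
    for entry, hits in risky_allowlist_entries(SAMPLE_ALLOWLIST.splitlines(), OWN_ADDRESSES):
        print(f"{entry!r} also allowlists mail claiming to be from {', '.join(hits)}")
```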
If spam is still being sent to your Inbox, please set up email blocklisting and send the email to abuse@egr.msu.edu.
- Using your EGR username and password, log in to the My Account page of this website.
- Click Email Spam Filtering in the menu under Account.
- The page will display a message with your spam filter status.
- Click Blocklisting (Blocking).
- To enable blocklisting, click the checkbox next to Enable blocklist.
- Add the email addresses that you want to block (one per line). These can contain a wildcard (*), e.g. *@junkmail.com would be all junkmail.com addresses.
- Press Save to save changes.