UTS Phish Tank

An explanation of phishing along with a guide on how to protect yourself and what to do if you receive a phishing attempt.

The OU Phish Tank provides information about phishing such as:

• What phishing is.
• How to spot phishing.
• How to protect yourself against phishing attempts.

Who is Eligible?

Faculty, Staff or Students

What is Phishing

Phishing is a type of Social Engineering attack in which a bad actor poses as a trusted or reputable source and sends fraudulent emails with the intent of manipulating victims into:

• Revealing personal, protected, or confidential information
• Executing malicious software, usually by clicking a link or opening an attachment, that allows them to steal data or take control of the system

Most phishing emails targeting OU generally fall into two categories:

• Phishing: Messages that are sent in bulk to our user community containing general information. For example these phishing messages typically have limited, if any, personal information and usually include a generic message such as “Your mailbox is full” or “Your account expires, please reactivate using this link”. Additionally, the message appear from a generic party such as “Your support team”
• Spear Phishing: Messages that are specific in nature and target individuals or departments by personal information such as first and last name, job title, etc. Furthermore, these messages appear to come from someone you know such as a co worker, supervisor, or business partner and are informal "I'm in a meeting and need help, do you have 5 minutes to spare"

Is Spam the Same as Phishing?

Although similar spam and phishing are different types of email. Spam is unsolicited promotional email sent in bulk and can be equated to "junk mail" received via the USPS and beyond clogging up your mailbox is typically harmless. As described above, phishing is more nefarious and is intended to gain something from the recipient such as gift cards, credentials, or information that can be used for identity theft.

How can I Spot Phishing

UTS maintains a repository of phishing emails that have targeted the University, reviewing the "Fresh Phish" is a great first step to determine if an email is phishing.

Most Common Phishing Messages

• Remote Work/Internship Positions
• Check Cashing
• Benefits Package

Check out Fresh Phish for more examples

Top Indicators

Phishing emails often contain one or more of the following indicators

• Poor grammar and/or spelling
• Too good to be true. For example "You've been selected to receive a new iPhone for free" or "$350/week for 7 hours"
• A sense of urgency and deadline for action. For example: "Click Here in the next 24 hours to reactivate your account or your email will be deleted"
• Request for non-standard follow-up method of communication. For example you typically communicate with the person via email, but they are now asking you text them at a new number
• Unusual financial requests such as paying an invoice using a non-standard process, purchasing gift cards, or asking you to purchase something with personal funds and get reimbursed
• Unusual Sender address. For example securityteam.oakland.edu@gmail.com
• The address ends in @gmail.com instead of oakland.edu
• Unexpected invitations to collaborate with new entities (e.g. other schools, charities, businesses, etc.)

Another great resource for protecting yourself from phishing is the UTS Security Awareness Training program. This training is available to all faculty and staff and can be completed in as little as 2 minute increments.

How can I Protect Myself From Phishing?

• Only access email only using Webmail
• Do not click links contained in a email, instead open a browser window and navigate to the site by typing the address into your browser
• On mobile devices hold your finger down on the link and true destination address will appear
• Ensure you have up to date malware and antivirus software installed and verify its configured to scan email attachments
• Enable browser security settings to block fraudulent websites
• Verify the message using a trusted contact method. For example call the person directly or follow-up with a company using the contact information on their website

DO NOT engage with the malicious attacker. While it may be tempting to respond to a phishing email saying "I have reported this message" this type of contact just encourages more malicious activity.

How can I Report a Phishing Email?

If you suspect a message is phishing the most effective action is to report directly to Google, who is the University's email provider. Google has automated processes to identify the sender and block future mail from being delivered. You may report phishing by completing the follow steps:

1. Open Webmail (webmail.oakland.edu) in a browser
2. Open the phishing message
3. Next to the reply arrow click the three dots.
4.  Click “Report Phishing”. 

Google provides more detailed information at their "Avoid and report phishing emails" website.

You can also help protect the University by submitting new or novel emails to the UTS Security Team for review and inclusion in our phishing examples library. by completing the following steps:

1. Open Webmail in a browser.
2. Open the phishing message.
3. Forward the email to phishnet@oakland.edu with a subject line of “Phishing Example”.
4. Next to the reply arrow click the three dots and click “Show Original”.
5. Select “Copy to clipboard”.
6. Create a new email and paste this information into it.

Send the new email to phishnet@oakland.edu with a subject line of “Phishing Example - Show Original”.

What Should I do if I Clicked a Link in a Phishing Email?

If you interacted with a phishing email by clicking a link please follow the steps below. If you had additional interactions such as emailing or calling the malicious actor, providing NetID credentials, or installing software immediately contact the Security Team by emailing uts@oakland.edu.

• Reset your GrizzlyID PIN, NetID, and ADMNET passwords by using the NetID Utility.
• Reset your Banner password by using the Banner Unlock Reset Utility.
• Complete the Gmail Security Checklist.
• Ensure that no additional devices have been added to your Duo Account using the Managed Devices option.
• Review your OU account(s) for signs of alteration or suspicious activity. For example the types of items we encourage you to verify are:
  • Webmail settings such as address book, reply to address, signature, filters, etc…
  • G Suite settings including calendar sharing and nickname per Google's directions.
  • Registration Status and Course enrollment (if applicable) using MySail.
  • Personal and Direct Deposit information (as applicable) using Sail.
• If the event occurred on a University owned device, submit a ticket to the OU General Help Desk by emailing helpdesk@oakland.edu and request a malware scan.

If an abnormality is discovered while completing the above steps, submit a ticket to the Security Team by emailing uts@oakland.edu.

What Should I do if I was a Victim of a Check Cashing Phishing Campaign?

If you were a victim of a check cashing phishing email, please see the instructions below.

If the check is deposited, kindly contact OUPD or the nearest police department to report the incident. Follow the directions given by the police department. Notify your bank regarding the incident.

If the check is not cashed:

• Block the person communicating through the phishing email.
• Reset your OU NetID and password. Choose a strong password during the reset.
• Delete any downloaded attachments or files that might have come with the phishing emails.
• Run a full system Anti-virus/Malware scan your device which received the phishing emails.
• Always keep a close look if other suspicious or potential phishing emails come up.

Additional Support

• OU Technology Center
• 44 Oakland Center
• Rochester, MI 48309-4479
• (248) 370-4357
• Office Hours: M-F 8:00am - 5:00pm