Phishing Email & Compromised Account Information

Description

Phishing is an identity-theft scam that uses "spoofed" or fake emails and Web sites to trick people into giving out personal information, such as credit card numbers, usernames and passwords, or social security numbers. Phishing is usually done by hijacking the brand identity of a bank, university, legitimate company, or an online store in a spoofed email that is sent to large numbers of people. The email will usually contain a link to a Web page designed to look just like a legitimate company's site.  A phishing scam will use this page to capture any information that you provide, then sell or use the information for malicious purposes. 

Table of contents:


More Information

  • The Gannon ITS department will never ask for personal information, such as your network password or social security number through an email.  
  • If ITS had an important message to get across regarding your email you would more than likely find it on my.gannon.edu.
  • ITS would never send out an email asking you to click a link to deactivate your account or click a link to enter in your Gannon information. 

Resolution

How do I avoid a Phishing scam? 

Always be suspicious of e-mails asking for sensitive information. 

  • Remember that e-mail is not a secure form of communication.
  • Organizations you do business with already know your account information and will never request it from you in an e-mail.
  • Phishers will usually include false statements that are designed to increase urgency and try to make you give up your information more quickly, such as "Your account is going to be terminated unless you respond immediately." 

Never respond to an e-mail request for personal information. 

  • Always error on the side of caution.
  • Look at the “From:” field in the e-mail.
    • If the organization name does not match the “Reply To:” organization name, the message is probably spoofed (falsified).
    • For example, a message from a local credit union or bank would not have a reply e-mail address ending in "yahoo.com".
  • If you ever need to provide personal information like a credit card number, make sure you are using a secure, trusted web site.
  • If on a phone call, be sure you are the one that initiated the call to the company and not the other way around.

Never follow the links in an e-mail you suspect might be phishing. 

  • If you are unsure about a link to a site you receive in an e-mail, “hover” your cursor over it.
  • If the link text in the e-mail doesn't match the link address, do NOT click it.
  • Log directly onto the company’s web site or call the company.  
  • Most companies will know if there is a phishing scam involving their company and be able to verify if the information in the e-mail is real or not.   

Note: If you think you are at risk of scamming, immediately change your password and contact the Help Desk.   

Report Phishing 

If you receive a phishing attempt, please grab the email header information and email it to helpdesk@gannon.edu or click here to submit a ticket. To investigate reports of phishing, ITS needs the full message - body, full headers and any attachments. Forwarding the message typically does not include the full headers.

Display email headers: Outlook for Windows

  1. In Outlook, open the message by double-clicking on it. This will open the message in a new window.
  2. In the new window, select Info under the File menu, then look at Properties.
  3. Copy and paste the contents of the Internet Headers field into your email to the Help Desk.

OR

  1. In Outlook, open the message by double-clicking on it. This will open the message in a new window.
  2. Select File and Save As, then add the message as an attachment in your email to the Help Desk.

Compromised Account

Account sending emails you did not send. Contact us at 814-871-7501 or click here to submit a ticket.

Checklist:

  • Check MFA/SSPR options on account 
    • Navigate to office.com, sign in with Gannon account and select View Account from the top right of your name.
    • On the Security info tab, then remove anything that is not theirs (unsure remove them all and start over to be safe).
  • Change the password (ask if it was the default when it became compromised)
    • Navigate to office.com and sign in with the Gannon account.
    • Select "View Account" under name in top right and "change password" under password on the 'Overview' section (left side panel).
      • Network Password Information (Requirements) Note: The new password can't be close to the old and you can not recycle the compromised password or a similar password in the future. If it was set to your default password then they can never leave it at the default if the Help Desk manually resets the password. If you use that password or one similar on any other accounts (Example: banking or social media) we advised to change those passwords as well. 
  • Sign out of everywhere on Gannon account 
    • Navigate to office.com and sign in with the Gannon account 
    • View account under name in top right and "Sign out everywhere" under account profile box on the 'Overview' section (left side panel)
  • Check for any rules left behind 
    • Navigate to office.com and sign in with the Gannon account 
    • Click on the gear icon, in the top right corner, to bring up the settings
      • If you are on the welcome page, you will need to click on the Outlook Icon from the left panel first.
    • Type in “rules” into the search bar
      • Look through the list of rules (if there is any), if there is one that says to go someplace you don’t want it to delete it.
  • Report compromised account to the Help Desk 
100% helpful - 1 review

Details

Article ID: 43995
Created
Fri 12/8/17 2:22 PM
Modified
Thu 11/30/23 8:45 AM

Related Articles (1)

Related Services / Offerings (2)

Report a loss of files or other data including a data breach and a compromised account.
To report a phishing email that is circulating, forward the suspicious email to helpdesk@gannon.edu.