Something sinister is hiding in the shadows. Scammers are trying to collect your information by scaring you through malicious phishing emails. Avoid spooky situations and keep your wits about you this Halloween with some advice on how to identify and act on phishing emails.
Double, double; toil, and avoid trouble
While most emails are blocked before they reach your inbox, some wear convincing costumes to avoid detection. Malicious emails range from common spam to messages that contain malware or try to convince you to give up your credentials to access your information or finances. Additionally, emails that say something is “urgent” or that your account will be deleted if you don’t act quickly, are most likely scams. During the first week of classes alone, Indiana University blocked more than 7.1 million of these malicious emails.
For more information about how to spot phishing messages, visit phishing.iu.edu.
Ghost the spam and report it
If you see a suspicious email in your IU account, you can report it by selecting the Report Message icon in Microsoft Outlook under the Home ribbon. This lets both IU and Microsoft know that the email may be malicious, so that they can take action to prevent it from reaching others. Or you can forward it to phishing@iu.edu for our Incident Response team to take action on blocking the message.
Once you’ve reported the message, delete it. Using the Report Message tool in Outlook will automatically delete it.
Sticky fingers, tired feet; clicked a phish, trick or treat
Accidents happen, we get busy or tired and open an email without thinking about it. If you realize that you have fallen for a malicious message after replying to the email or clicking on a link, the best strategy is to no longer engage. Change your passwords if you used any while engaging with the scammers or on a site.
If the scam was pretending to be from IU, focus on securing your IU account by calling the UITS Support Center or contacting it-incident@iu.edu. Your passphrase might already be scrambled and you will need to unlock your account.
Be on the lookout for any suspicious behavior on your computer and computing accounts if you were influenced or tricked into installing malicious software on your computer. If you notice suspicious files or activities, report it to the UISO.