Beware of Email "Phishing" Scams

Technology Services encourages all members of the campus community to beware of bogus "phishing" email messages trying to trick you into sharing your credentials and other sensitive information or enticing you to click links to websites infected with malware.

If you have any question about the validity of an unexpected email message, please contact the Technology Service Desk at 253.879.8585 or servicedesk@pugetsound.edu.

Ways to Recognize a Phishing Message

Many phishing email messages are poorly constructed, making them obviously suspect, but others may appear on the surface to be from a legitimate Puget Sound email address or external service (e.g. Microsoft, Google, Dropbox, Wells Fargo). You should always avoid clicking on links or opening attachments in email messages from unknown or suspicious sources. Be especially careful when checking email on a mobile device as many telltale signs are difficult to detect. 

Common signs an email may be phishing:

  • Comes from an unrecognized email address outside the *@pugetsound.edu domain
  • Reply-to email address does not match sending address
  • Display name does not match email address
  • Hyperlinked text or buttons lead to an unfamiliar website (hover over linked text to show URL path)
  • Impersonates third party applications not used by the university
  • Sent outside normal business hours
  • Bad spelling or grammar
  • Sense of urgency
  • Demands payment via Bitcoin
  • Contains threats like shutting off a service or exposing information
  • Asks you to click a link for verification or upgrade
  • Links to a shared document you are not expecting
  • Contains attachments with unusual file extensions

Examples of Phishing Attempts

Below is an example of spear phishing where the attacker impersonated a current academic department chair. Usually, this type of phishing is very targeted and the attacker has researched the organization's structure in order to impersonate a specific department's head or vice president. The email is then sent to individuals in the targeted department. Though the email contains no malicious links, they are generally social engineering attacks and may request favors like purchasing gift cards on a tight timeline. Note that the attacker discourages the recipient from contacting the alleged sender via alternative methods.

Below is an example of a phishing message where the attackers spoofed the email address to make it appear as though it were originating from a Puget Sound email address. The message presents a false sense of urgency to prompt a user to click a non Puget Sound link to avoid interruption to services. The generic greeting and lack of specified recipient lends suspicion as well. 

Below is an example where the sender attempts to manipulate the recipient into believing that they may be missing important emails. As Office 365 is a Microsoft product, checking the email address quickly reveals that the message does not originate from Microsoft and is therefore illegitimate. This email contains multiple typos as well as the incorrect format for a Puget Sound email address. Hovering over the link reveals a potentially suspicious site. 

Phishing emails can pretend to be notifications for a fax, voicemail, or shared document. Be aware of the legitimate methods Puget Sound utilizes for those notifications in order to recognize bogus messaging. Attackers may copy the logo from a legitimate site, making it look real. In this example, the sender does not address a specific recipient, indicating that it may have been sent to a large quantity of addresses. Again, the link contained does not lead to a recognized Puget Sound site.

REMEMBER:  Technology Services will NEVER send you an email asking for your password or requesting that you “re-validate” or “update” your profile by clicking on a link in a message. 

If you think you may have fallen for a phishing scam, please contact the Technology Service Desk immediately at 253.879.8585. Aside from changing your password, there are other steps needed to mitigate the risk of a compromised account.