Email Phishing and Spam

Technology Services encourages all members of the campus community to beware of illegitimate phishing emails designed to deceive you into sharing your credentials and other sensitive information.

Ways to Recognize a Phishing Message

Many phishing email messages are poorly constructed, making them obviously suspect, but others may appear on the surface to be from a legitimate Puget Sound email address or external service (e.g. Microsoft, Google, Dropbox, Wells Fargo). You should always avoid clicking on links or opening attachments in email messages from unknown or suspicious sources. Be especially careful when checking email on a mobile device as many telltale signs are difficult to detect. 

Common signs an email may be phishing:

  • Comes from an unrecognized email address outside the *@pugetsound.edu domain
  • Contains threats like shutting off a service or exposing information
  • Asks you to click a link for verification or upgrade
  • Links to a shared document you are not expecting
  • Hyperlinked text or buttons lead to an unfamiliar website (hover over linked text to show URL path)
  • Contains attachments with unusual file extensions
  • Sense of urgency
  • Demands payment via Bitcoin
  • Impersonates third party applications not used by the university
  • Reply-to email address does not match sending address
  • Sent outside normal business hours
  • Bad spelling or grammar
  • Display name does not match email address
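
For anyone triaging a reported message, the header-level signs in the list above can be checked programmatically. The following is an added example, not a Technology Services tool; the sample message, the `.example` addresses, and the set of extensions treated as unusual are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

CAMPUS_DOMAIN = "pugetsound.edu"
# Assumption: extensions treated as unusual (.htm is the one this page mentions)
UNUSUAL_EXTENSIONS = (".htm", ".html")

# Constructed sample message, not a real email
SAMPLE = """\
From: "servicedesk@pugetsound.edu" <helpdesk@mail-alerts.example>
Reply-To: collector@other.example
Subject: New voicemail
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

You have a new voicemail.
--b1
Content-Type: text/html; name="voicemail.htm"
Content-Disposition: attachment; filename="voicemail.htm"

<html></html>
--b1--
"""

def phishing_signs(raw_message):
    """Return the header-level warning signs found in a raw email message."""
    msg = message_from_string(raw_message)
    display_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    signs = []
    if from_addr.rpartition("@")[2].lower() != CAMPUS_DOMAIN:
        signs.append("sender outside campus domain")
    if reply_addr and reply_addr.lower() != from_addr.lower():
        signs.append("reply-to differs from sender")
    # A display name that shows one address while the mail comes from another
    if "@" in display_name and from_addr.lower() not in display_name.lower():
        signs.append("display name shows a different address")
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(UNUSUAL_EXTENSIONS):
            signs.append("unusual attachment: " + name)
    return signs

if __name__ == "__main__":
    for sign in phishing_signs(SAMPLE):
        print(sign)
```

An empty result does not clear a message: a spoofed sending address, as in one of the examples further down this page, passes the domain check, so the content-based signs still need a human read.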

Spam Messages Versus Phishing

Both spam and phishing result in unwanted messages, but spam is not malicious, whereas phishing actively targets the recipient with the goal of stealing login credentials or sensitive data. Spam messages are typically unsolicited commercial emails. There is no need to report spam email messages to Technology Services unless you think they may be malicious. To handle spam emails, you can block the sender if desired, then simply delete the email.

  • In Outlook on Windows: right-click on the email, hover over "Junk", then click Block Sender.
  • In Outlook on Mac: right-click (Control + Click) on the email, hover over "Junk Mail", then click Mark as Junk and/or Block Sender.
  • In Webmail (Outlook Web Access): right-click on the email, then click Mark as Junk.

How to Report a Phishing Message

If you think you may have fallen for a phishing scam, please contact the Technology Service Desk immediately at 253.879.8585. Aside from changing your password, there are other steps needed to mitigate the risk of a compromised account.

If you are reporting a phishing email or have a question about the validity of an unexpected email message, please forward the email as an attachment to servicedesk@pugetsound.edu.

  • In Outlook on Windows: select the email, click More, then click Forward as Attachment

  • In Outlook on Mac: select the email, then click Attachment

Examples of Phishing Attempts

Below is an example of spear phishing where the attacker impersonated a current academic department chair. Usually, this type of phishing is very targeted and the attacker has researched the organization's structure in order to impersonate a specific department's head or vice president. The email is then sent to individuals in the targeted department. Though such emails contain no malicious links, they are generally social engineering attacks and may request favors like purchasing gift cards on a tight timeline. Note that the attacker discourages the recipient from contacting the alleged sender via alternative methods.

Attackers may try to mimic voicemail email notifications. Please note that if you have voicemail to email set up at the University of Puget Sound, the emails will always come from a Puget Sound email address and contain an attachment with an audio file. The phishing email below contains a .htm attachment leading to a malicious website. The sending email address is not a Puget Sound address. 

Below is an example of a phishing message where the attackers spoofed the email address to make it appear as though it were originating from a Puget Sound email address. The message presents a false sense of urgency to prompt a user to click a non-Puget Sound link to avoid interruption to services. The generic greeting and lack of a specified recipient lend suspicion as well.

Below is an example where the sender attempts to manipulate the recipient into believing that they may be missing important emails. As Office 365 is a Microsoft product, checking the email address quickly reveals that the message does not originate from Microsoft and is therefore illegitimate. This email contains multiple typos as well as the incorrect format for a Puget Sound email address. Hovering over the link reveals a potentially suspicious site. 

Phishing emails can pretend to be notifications for a fax, voicemail, or shared document. Be aware of the legitimate methods Puget Sound utilizes for those notifications in order to recognize bogus messaging. Attackers may copy the logo from a legitimate site, making it look real. In this example, the sender does not address a specific recipient, indicating that it may have been sent to a large number of addresses. Again, the link contained does not lead to a recognized Puget Sound site.

REMEMBER:  Technology Services will NEVER send you an email asking for your password or requesting that you “re-validate” or “update” your profile by clicking on a link in a message.