
Report a Phish


To report a phishing email, please forward it directly to ndsu.reportaphish@ndsu.edu.

If you receive an email and are unsure of its authenticity, contact the IT Help Desk at 701-231-8685 (option 1) or ndsu.helpdesk@ndsu.edu.

Phishing Scams


Phishing scams are cybercriminal attempts to steal personal and financial information or infect computers and other devices with malware and viruses. Phishing emails can appear to be from a legitimate organization, urging you to act quickly to avoid negative consequences.

These emails often attempt to entice users to click on a link that will take the user to a fraudulent website that appears legitimate. The user then may be asked to provide personal information, such as account usernames and passwords, that can further expose them to future compromises. Additionally, these fraudulent websites may contain malicious code. [1]

No one from NDSU will ever ask for your password. 

Phishing scams include:

  • Mass phishing: The most visible type of phishing, mass phishing involves sending out a large volume of emails to as many end users as possible. [2]
  • Clone phishing: A spoofed copy of a legitimate and previously delivered email, with the original attachments or hyperlinks replaced with malicious versions. It is sent from a forged email address so it appears to come from the original sender or another legitimate source.
  • Spear phishing: Spear phishers have specific targets in mind when creating their phishing scams. They will gather information about their targets from social media and other sources to make a personalized attack that is much harder to detect than a standard phishing email. [3]
  • Whaling: Whaling is when a cybercriminal makes a spear phishing attack on a "big fish" such as a celebrity, CEO or employee with a high level of security clearance. [4]
  • Advance-fee scam: Advance-fee scams take many different forms. The most common attacks ask the target to send money or bank account information to the cybercriminal. [5] [6]

Hooked by a Phish?


If you suspect you have been hooked by a phishing scam, your best option is to take immediate action.

If you provided the username and/or password associated with your NDSU or N.D. University System accounts, call the IT Help Desk at 701-231-8685 (option 1) immediately.

Your password will need to be changed and your account inspected for any unwanted changes and activity. If you provided information for an account associated with another organization or company (e.g., bank), contact them so they can secure your account and watch for any suspicious activity.

We recommend you change the password for all accounts that utilized the compromised password. This may include accounts external to NDSU, such as your financial institution accounts and social media accounts. Keep in mind that the best practice is to have a unique password for each account, which can help protect your other accounts from being compromised, too.

Consequences of Getting Hooked

 

If you get hooked by a phishing scam, your accounts may be compromised and your devices may be at risk of being infected by malware. If you replied with sensitive information via email or entered your username and password into a malicious website, your information can be used by cybercriminals in a variety of ways.

Your email account alone can be used to:

  • Make a profit off your information or make it publicly available
  • Access private information including your messages, calendar, chats, photos, voice recordings and location
  • Harvest banking and credit card information that can be used to break into your financial accounts
  • Access associated retail accounts (e.g., Amazon, iTunes, Netflix, Steam)
  • Access or make changes to other academic accounts (e.g., Google Apps for Education, Blackboard)
  • Hijack your social media and professional networking sites (e.g., LinkedIn)
  • Steal your identity
  • Send phishing messages to others, including NDSU students, staff and faculty who are then more likely to fall victim to phishing emails
  • Harvest student information contained in your email or associated accounts, which is a violation of FERPA
  • Harvest research and academic data contained in your email or associated accounts, which may violate international treaties, federal and state laws, and university policies
  • Steal scientific works, journals and other resources that are only available to those who have paid for these materials

Access depends on whether you use the same username and/or password for multiple accounts, what information is contained within your compromised accounts, and what personal information is publicly available online through social media and other directories.


Tips and Advice

Sender Authenticity

Never open an email that looks suspicious.

If the sender is someone you don't know or is outside of your organization, or if the email address is not one used by that specific organization, the email can be considered suspicious.

Outlook Web Example


Mobile Example

When accessing email from a mobile device, some information will be hidden until you click on "Details." In this example, "Details" was already clicked to verify the sender's authenticity.

 

Examine Hyperlinks

Never click on a suspicious link.

When you hover over a hyperlink, a link should appear showing where it will direct your page. Treat the link as suspicious if it is not going to the page it says it is, if it is a bunch of random numbers and letters, or if it looks as if it is going to a page on the correct website but has additional text that wouldn't normally be there.

If you are unsure of a link's authenticity, contact the IT Help Desk at 701-231-8685 (option 1) or ndsu.helpdesk@ndsu.edu.

Outlook Web Example


Mobile Example

Hyperlinks cannot be hovered over in an email delivered through Outlook on its mobile app version. Be wary of links and never click on anything you feel is suspicious. 
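The three link checks described above can also be automated for a message body. The following is an added example, not part of the original NDSU page; the trusted domain, the thresholds in the second check and the sample message are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit
TRUSTED = "ndsu.edu"  # assumption: the domain the reader expects links to use

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):  # lower-cased hostname; tolerates text without a scheme
    return (urlsplit(url if "://" in url else "http://" + url).hostname or "").lower()

def check_link(href, text):  # reasons for a second look; [] means none found
    host, reasons = host_of(href), []
    # 1. The visible text is itself a URL, but the real destination differs.
    if re.match(r"(https?://|www\.)", text, re.I) and host_of(text) != host:
        reasons.append("destination differs from displayed link")
    # 2. Host is a bare IP or has a long, digit-heavy label (rough heuristic).
    if re.fullmatch(r"[0-9.]+", host) or any(
            len(p) >= 12 and sum(c.isdigit() for c in p) >= 4 for p in host.split(".")):
        reasons.append("numeric or random-looking host")
    # 3. The trusted name appears in the host, but the host is outside that domain.
    if TRUSTED.split(".")[0] in host and not (host == TRUSTED or host.endswith("." + TRUSTED)):
        reasons.append("trusted name with extra text")
    return reasons

def audit(html):
    parser = LinkCollector()
    parser.feed(html)
    return [(href, check_link(href, text)) for href, text in parser.links]

# Constructed sample body; .example and 192.0.2.0/24 are reserved for documentation.
SAMPLE = """<a href="http://ndsu.edu.mail-verify.example/login">https://www.ndsu.edu/</a>
<a href="http://192.0.2.10/x9f3">Click here</a>
<a href="https://www.ndsu.edu/">IT Help Desk</a>"""
if __name__ == "__main__":
    for href, reasons in audit(SAMPLE):
        print(href, "->", reasons or "no red flags found")
```

An empty result only means none of these three checks fired; it does not establish that a link is safe.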

Spelling and Grammar

Most organizations proofread their emails before sending. There should be no spelling or grammatical errors in an email from any credible group of people.

Outlook Web Example


Mobile Example

Below is an example of a phishing email delivered through Outlook on its mobile app version. The whole message may not appear when you open it up; however, in this example you can still read enough of the message to point out a few spelling and grammatical errors.

Threatening or Rewarding Language

Never do something because you are threatened over the internet or because the sender attempts to entice you with a reward.

This is often the first attempt at grabbing your attention and is usually a clear sign of phishing.

A Nigerian prince is not going to make you extremely wealthy if you give him your information.

You will not get locked out of any of your accounts if you do not give someone your information.

Outlook Web Example


Mobile Example

When viewing email in a mobile app, the whole message may not appear when you open it up; however, in this example you can still read enough of the message to point out the threatening language.

Attachments

Never open anything in a suspicious-looking email.

Attachments have the potential to carry viruses and/or malware, which are harmful to your machine.

Outlook Web Example


Mobile Example

Below is an example of a phishing email delivered through Outlook on its mobile app version. Attachments are usually still accessible through mobile devices and have the potential to carry viruses and/or malware, which are harmful to your devices.


FAQs

Falling Victim

 

Q: What should I do if I believe I am a victim of a phishing scam?

A: If you provided your NDSU username and password, call the IT Help Desk at 701-231-8685 (option 1) immediately. Your password will need to be changed and your account inspected for any unwanted changes. If you gave the credentials for another institution, contact them so they can secure your account and watch for any suspicious activity.

Other Accounts

Q: Do I need to change my password for other accounts?

 

A: It is recommended you change the password for all accounts that utilized the compromised password. This may include accounts external to NDSU, such as your NDUS account or financial institution accounts.

Determining Phishing Emails

Q: What should I do if I am not sure whether an email is a phishing email or a legitimate email?

A: Please forward the email to ndsu.helpdesk@ndsu.edu for assistance with determining whether the email is a phishing email or not.

Reporting Phishing Emails

Q: Who do I report phishing emails to?

A: If you have received a phishing email, forward it to ndsu.reportaphish@ndsu.edu. If you are unsure of its authenticity, contact the IT Help Desk at 701-231-8685 (option 1) or ndsu.helpdesk@ndsu.edu.

Spotting Phishing on Social Media

Q: What should I do when someone I don't know requests to follow me on social media?

A: Keep the following tips in mind to protect yourself against social media phishing scams.

  1. Don't follow people you don't know.
  2. Assess their account. Red flags include:

    1. New account. Spammers are always creating accounts to reach more people. Sometimes social media sites will shut down accounts when users report them as offensive or as spam, but it's just as easy to open a new account.
    2. Few posts or followers. If the account doesn't post much or have many friends or followers, this could mean it is a newer account that was created for spamming, not engaging in relationships online.

  3. Ensure the social media account is official or verified. Most social media sites allow organizations and public figures to become "verified" or marked official. Look for a small blue circle next to the name with a checkmark inside, like the one on the official NDSU Facebook page.


Training Materials and Additional Resources

 

Training Toolkit

Learning Objectives
  • Define phishing and identify various types of phishing scams
  • Recognize common baiting tactics used in phishing scams
  • Examine real phishing messages
  • Understand how to protect yourself from being hooked by a phishing scam
Learning Materials
Test Your Phishing Knowledge

Take an anonymous quiz to test your knowledge. Immediate feedback helps you fine-tune your ability to protect yourself from phishing scams.

Spread the Word
  • Download posters to help raise awareness of phishing in your office or residence hall
Additional Resources


References

  1. US-CERT: Report Phishing. United States Computer Emergency Readiness Team. Retrieved July 20, 2016.
  2. FTC Consumer Information: Phishing. The Federal Trade Commission. Retrieved July 20, 2016.
  3. Spear Phishing: Scam, Not Sport. Symantec Corporation. Retrieved July 20, 2016.
  4. Scamwatch: Whaling & Spear Phishing. Australian Competition & Consumer Commission. Retrieved July 20, 2016.
  5. The Nigerian Prince: Old Scam, New Twist. BBB of Metropolitan New York. Retrieved July 20, 2016.
  6. OCC: Advance Fee Fraud. Office of the Comptroller of the Currency. Retrieved November 26, 2016.



North Dakota State University
IT Help Desk Phone: +1 (701) 231-8685
Administrative Calls Only: +1 (701) 231-7961 / Fax: (701) 231-8541
Campus address: Quentin Burdick Building 206
Physical/delivery address: 1320 Albrecht Blvd, Fargo, ND 58102
Mailing address: NDSU Dept. 4510 / PO Box 6050 / Fargo, ND 58108-6050
Page manager: Information Technology Services

Last Updated: Monday, August 14, 2017 11:09:15 AM