Phishing Awareness

What is Phishing?

Phishing is a form of cybercrime that uses email and other communication mechanisms to trick people into divulging personally identifiable information, or PII. PII is data that, either on its own or when combined with other data, can be used to identify a specific individual. Social security numbers, bank account numbers, credit card numbers, medical records, educational records, mailing addresses, biometric records, and username and password combinations are all examples of PII.

How Does Phishing Work?

 

Cybercriminals pose as legitimate businesses or organizations and send socially engineered messages to trick their victims into:

  • Providing their credentials (username and password) or other personally identifiable or private information

  • Launching malicious files on their computers 

  • Opening links to infected websites

  • Opening attachments that plant malware on the user’s device, which then steals credentials and other PII by capturing the data as the user enters it

While the majority of phishing messages are delivered via email, they can also come from other sources, including:

  • Phone calls/Voicemails

  • Fraudulent software (e.g., fake anti-virus)

  • Social Media messages (e.g., Facebook, Twitter)

  • Advertisements

  • Text messages

Why Phish UNH?

Universities like UNH store and manage hundreds of thousands of records containing PII, which means we are a target-rich environment. The market for stolen PII is enormous, and a single piece of stolen PII can sell for anywhere from a couple of dollars to a couple of thousand dollars, depending on the type of information. This makes UNH a lucrative target for phishers.

How Does Phishing Endanger UNH?

Phishing is one of the top cybersecurity threats the University faces because it is often the primary attack vector used to obtain the information needed to launch other types of attacks. Simply opening a phishing email; replying to a phishing email, voicemail, or text; opening an attachment; or clicking a link in a phishing message poses a serious security risk to you and to the University as a whole.

Some of the risks involved are:

  • Identity Theft: 

    • Once you provide your personal information in response to a phishing attempt, this information can be used to access your financial accounts, make purchases, or secure loans in your name.  

    • Additionally, stolen PII can be a reportable breach for the University, which can pose a significant financial risk for UNH.

  • Compromising Institutional Information:

    • If your University IT account is compromised, cybercriminals may be able to access sensitive institutional information like research data.  

    • Credentials obtained via phishing attacks can be used to get inside the UNH network, making it easier for cybercriminals to launch lateral attacks aimed at gaining access to secure resources.

  • Loss of data: 

    • Some phishing attacks will attempt to deploy crypto malware on your machine, also known as ransomware, which is malicious software that encrypts the files on a computer and denies owners access to their files until they pay a ransom.  

    • Ransomware attacks can result in the loss of personal data as well as institutional and/or research data that is improperly stored on a single user device.

  • Malware infection: 

    • Some fraudulent emails include links or attachments that, once clicked, download malicious software to your computer. 

    • Others may install keystroke loggers that record your computer activity, including the usernames and passwords you type, whether for your UNH accounts or for personal accounts (like your bank website) that are accessed from that device.

  • Compromising Personal Information: 

    • If your personal information is accessed, attackers will scan your accounts for personal information about your contacts and will in turn attempt to phish for their sensitive information. 

    • Phishers may also send emails and social media messages from your accounts in an attempt to gain information from your family, friends, and colleagues.

How to Spot a Phishing Message

There are often clues hidden in a phishing message that you can use to determine whether a message you have received is a phishing attempt, including:

  • The message creates a sense of urgency meant to inspire a quick user response, generally by indicating the user needs to take action immediately in order to:

    • Avoid a negative consequence like having email access shut off

    • Get a positive benefit like a financial incentive

    • See or learn something exciting or forbidden

  • Most phishing messages include at least two of the following telltale phishing features:

    • Shows a sender (display) name that differs from the email address it is actually sent from

    • Claims to be from a legitimate company but comes from an email address that is not linked to that company (e.g., claims to be from DHL but comes from a Gmail account)

    • Has no branding of any kind (UNH or other company Logo, email signature, etc.)

    • Includes references to UNH departments or services that do not exist (UNH Health Center instead of UNH Health Services)

    • Uses unusual words, syntax, or phrasing; contains simple spelling and grammar mistakes

    • Includes direct links to log in pages

    • Includes an attachment with a generic name
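Several of the features above can be checked mechanically rather than by eye: a display name that claims a brand the sender domain does not match, an organisation-style sender on a free webmail domain, a Reply-To that points somewhere other than the From address, urgency wording, direct links to log in pages, and generically named attachments. The Python script below is an added example written for this page, not a UNH IT tool or anything from the Knowledge Base. The two sample messages are constructed, the brand-to-domain table and the keyword lists are assumptions chosen for the demonstration, and `is_suspicious` applies the page's own rule of thumb that a message showing at least two telltale features deserves a closer look.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample messages for the demonstration (not real mail).
SAMPLE_PHISH = """\
From: "DHL Express" <dhl.delivery.notice@gmail.com>
Reply-To: tracking-help@gmail.com
To: student@example.edu
Subject: Action required: your package will be returned within 24 hours
Content-Type: text/plain

Your parcel could not be delivered. Confirm your details immediately
to avoid return: http://dhl-tracking.example.net/account/login
"""

SAMPLE_LEGIT = """\
From: "UNH IT Service Desk" <it.servicedesk@unh.edu>
To: student@unh.edu
Subject: Scheduled maintenance on Saturday
Content-Type: text/plain

The myUNH portal will be unavailable Saturday 06:00-08:00 for maintenance.
No action is needed on your part.
"""

# Assumed word lists and brand table; a real deployment would maintain these.
URGENCY_WORDS = ("immediately", "action required", "within 24 hours",
                 "suspended", "verify now", "urgent")
LOGIN_PATH_HINTS = ("login", "signin", "sign-in", "account", "verify")
KNOWN_BRANDS = {"dhl": "dhl.com", "unh": "unh.edu", "paypal": "paypal.com"}
FREEMAIL_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}


def sender_parts(msg):
    """Return (display name, address, domain) from the From header."""
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    return name, addr, domain


def score_message(raw: str) -> list[str]:
    """Return a human-readable flag for each telltale feature found."""
    msg = email.message_from_string(raw, policy=policy.default)
    flags = []
    name, addr, domain = sender_parts(msg)

    # Display name claims a brand, but the sender domain is not that brand's.
    for brand, brand_domain in KNOWN_BRANDS.items():
        if brand in name.lower() and not (
            domain == brand_domain or domain.endswith("." + brand_domain)
        ):
            flags.append(f"display name claims '{brand}' but sender domain is '{domain}'")

    # Organisation-style sender name arriving from a free webmail domain.
    if domain in FREEMAIL_DOMAINS and name:
        flags.append(f"organisation-style display name from free webmail domain '{domain}'")

    # Replies would go somewhere other than the apparent sender.
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and reply_to.lower() != addr.lower():
        flags.append(f"Reply-To '{reply_to}' differs from From '{addr}'")

    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    combined = (msg.get("Subject", "") + "\n" + text).lower()

    # Urgency language in the subject or body.
    hits = [w for w in URGENCY_WORDS if w in combined]
    if hits:
        flags.append("urgency language: " + ", ".join(hits))

    # Direct links whose path looks like a log in or account page.
    for url in re.findall(r"https?://[^\s<>\"']+", text):
        path = urlparse(url).path.lower()
        if any(hint in path for hint in LOGIN_PATH_HINTS):
            flags.append(f"direct link to a log-in page: {url}")

    # Attachments with generic names such as document1.pdf or invoice.zip.
    for part in msg.iter_attachments():
        fname = (part.get_filename() or "").lower()
        if re.fullmatch(r"(document|invoice|file|scan|attachment)\d*\.\w+", fname):
            flags.append(f"generic attachment name: {fname}")

    return flags


def is_suspicious(raw: str) -> bool:
    """The page's rule of thumb: two or more telltale features means look closer."""
    return len(score_message(raw)) >= 2


if __name__ == "__main__":
    for label, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(label, is_suspicious(sample))
        for flag in score_message(sample):
            print("  -", flag)
```

Run it as-is and the constructed DHL message trips five checks while the constructed Service Desk notice trips none. The checks are deliberately simple string rules, so they are a teaching aid for the list above; a mail gateway would add header authentication (SPF, DKIM, DMARC) and URL reputation on top of heuristics like these.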

For more information on spotting phishing messages, review How to Spot a Phishing Email in the UNH IT Knowledge Base.

What to Do if You Receive a Phishing Message

Confirm It
  • Check The Phishbowl to see if it is a known phishing email

  • Legitimate University communications that have been reported as phishing are also posted here for your reference

  • If you don’t see it on The Phishbowl, Don’t Assume it is Legitimate!  It may be an unknown phish that hasn't been reported yet.

Report It
  • If you are unsure about a message and you cannot confirm it is legitimate, forward it to phishing.report@unh.edu and then delete the message.

  • If you click a phishing link or open an attachment, report it to ISS by calling the UNH IT Service Desk.  Sometimes just clicking the link is enough to compromise your device even if you don’t enter your credentials.

Think Twice... Before Entering Your Credentials
  • Always confirm a log in page before entering your credentials

  • Some phishing messages provide links to a fake UNH-branded log in page that looks just like the real one

  • Others provide log in pages with UNH branding

  • Keep your credentials safe by following these steps:

    • If it is a log in page for a UNH service, search myUNH for that service and use the information found there to confirm the legitimacy of the log in request and the page itself

    • Contact the UNH Service Desk at 603-862-4242 and request assistance in confirming the log in page that should be used for a specific service or application

    • If it is a log in page for another company, go to the company’s website and log in from their official site

    • If you aren’t sure, DO NOT enter your credentials!


 

Phishing Resources

The Phishbowl

The Phishbowl provides UNH users with a self-service way to determine if an email they have received is a known phishing attempt.

Phishing Training Modules (Coming Soon)

  • Spear Phishing

  • Advanced Spear Phishing

  • Social Engineering

  • Social Media

UNH IT Knowledge Base Articles

For questions about phishing, or to arrange in-person training for a department or group on campus, contact ISS.