Phishing Awareness



What is Phishing?


Phishing is a form of cybercrime that uses email and other communication mechanisms to trick people into divulging personally identifiable information (PII).  PII is data that, either on its own or when combined with other data, can be used to identify a specific individual.  Social security numbers, bank account numbers, credit card numbers, medical records, educational records, mailing addresses, biometric records, and username/password combinations are all examples of PII.

Phishing Statistics:

  • 1 in 14 users were tricked into following a link or opening an attachment, and a quarter of those fell victim more than once. (1)
  • Almost half of the confirmed breaches in the education sector involved social engineering tactics. (1)
  • Phishing is the most prevalent social engineering tactic used against educational institutions. (1)
  • 90+% of phishing attacks are used to steal credentials. (2)

1. Verizon Data Breach Investigation Report 2017
2. Verizon Data Breach Investigation Report 2016



How Does Phishing Work?


Cybercriminals pose as legitimate businesses or organizations and send socially engineered messages to trick their victims into:

  • Providing their credentials (username and password) or other personally identifiable or private information

  • Launching malicious files on their computers 

  • Opening links to infected websites

  • Opening attachments that, for example, plant malware on the user’s device which then captures credentials and other PII directly as the user enters them

While the majority of phishing messages are delivered via email, they can also come from other sources, including:  

  • Phone calls/Voicemails

  • Fraudulent software (e.g., fake anti-virus)

  • Social Media messages (e.g., Facebook, Twitter)

  • Advertisements

  • Text messages


Why Phish UNH?


Universities like UNH store and manage hundreds of thousands of records containing PII, which means we are a target-rich environment.  The market for stolen PII is enormous, and a single piece of stolen PII can sell for anywhere from a couple of dollars to a couple of thousand dollars, depending on the type of information.  This makes UNH a lucrative target for phishers.



How Does Phishing Endanger UNH?


Phishing is one of the top cybersecurity threats the University faces because it is often the primary attack vector used to obtain the information needed to launch other types of attacks.  Simply opening an email, replying to an email, voicemail, or text, opening an attachment, or clicking on a link in a phishing message poses a serious security risk to you and the University as a whole.


Some of the risks involved are:

  • Identity Theft: 

    • Once you provide your personal information in response to a phishing attempt, this information can be used to access your financial accounts, make purchases, or secure loans in your name.  

    • Additionally, stolen PII can be a reportable breach for the University, which can pose a significant financial risk for UNH.

  • Compromising Institutional Information:

    • If your University IT account is compromised, cybercriminals may be able to access sensitive institutional information like research data.  

    • Credentials obtained via phishing attacks can be used to get inside the UNH network, making it easier for cybercriminals to launch lateral attacks aimed at gaining access to secure resources.

  • Loss of data: 

    • Some phishing attacks will attempt to deploy crypto malware on your machine, also known as ransomware, which is malicious software that encrypts the files on a computer and denies owners access to their files until they pay a ransom.  

    • Ransomware attacks can result in the loss of personal data as well as institutional and/or research data that is improperly stored on a single user device.

  • Malware infection: 

    • Some fraudulent emails include links or attachments that, once clicked, download malicious software to your computer. 

    • Others may install keystroke loggers that record your computer activity, including entry of usernames and passwords, including those used to access your UNH accounts and any personal accounts (like your bank website) that are accessed via that device.

  • Compromising Personal Information: 

    • If your personal information is accessed, attackers will scan your accounts for personal information about your contacts and will in turn attempt to phish for their sensitive information. 

    • Phishers may also send emails and social media messages from your accounts in an attempt to gain information from your family, friends, and colleagues.


UNH's Phishing Awareness Program


UNH's Phishing Awareness Program provides UNH community members with a realistic phishing experience in a safe and controlled environment.  Periodically, UNH community members are sent simulated phishing emails that imitate real attacks.   This type of awareness training provides the University community with the opportunity to become familiar with and more resilient to the kinds of tactics used in real phishing attacks.

There is no penalty for falling for one of the simulations.  Those UNH community members who are susceptible to the simulated phishing attack will be notified immediately that it is a simulation and presented with educational material designed to decrease future susceptibility.  Any reporting on susceptibility is done in aggregate; only the members of the Information Security Services team who administer the program have access to information on specific individuals' susceptibility.

As the program progresses, the University community as a whole should be able to better spot phishing attacks, both at home and in the workplace.

Contact UNH ISS for more information on this program. 



How to Spot a Phishing Message


There are often clues hidden in a phishing message that you can use to determine whether a message you have received is a phishing message, including:

  • The message creates a sense of urgency meant to inspire a quick user response, generally by indicating the user needs to take action immediately in order to:

    • Avoid a negative consequence like having email access shut off

    • Get a positive benefit like a financial incentive

    • See or learn something exciting or forbidden

  • Most phishing messages include at least two of the following telltale phishing features:

    • Lists a sender that differs from the email address it is sent from

    • Claims to be from a legitimate company but comes from an email address that is not linked to that company (e.g., claims to be from DHL but comes from a Gmail account)

    • Has no branding of any kind (UNH or other company Logo, email signature, etc.)

    • Includes references to UNH departments or services that do not exist (UNH Health Center instead of UNH Health Services)

    • Uses unusual words, syntax, or phrasing; contains simple spelling and grammar mistakes

    • Includes direct links to login pages

    • Includes an attachment with a generic name

For more information on spotting phishing messages, review How to Spot a Phishing Email in the UNH IT Knowledge Base.
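Several of the telltale features above can be checked mechanically against a message's headers and body. The following is an added example, not UNH's code or part of the original page, that scores a raw email against them with Python's standard email library and applies the page's "at least two features" rule of thumb. The brand-to-domain table, the keyword and URL patterns, and the sample message are all constructed assumptions, not UNH data.

```python
import email, re
from email import policy
from email.utils import parseaddr
# Assumption (constructed, not a UNH list): brand names a message may claim,
# mapped to the domains that legitimately send mail for that brand.
KNOWN_BRANDS = {"unh": {"unh.edu"}, "dhl": {"dhl.com"}}
URGENCY = re.compile(r"\b(immediately|within 24 hours|suspended|shut off|act now)\b", re.I)
LOGIN_URL = re.compile(r"https?://\S*(login|signin|verify)\S*", re.I)
GENERIC_NAME = re.compile(r"^(document|invoice|file|attachment|scan)\d*\.\w+$", re.I)

def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def phishing_indicators(raw: str) -> list[str]:
    """Return the telltale features found in one raw RFC 822 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    hits = []
    display, addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(addr)
    # Display name claims a brand the sending domain does not belong to ("DHL" from Gmail).
    for brand, doms in KNOWN_BRANDS.items():
        if brand in display.lower() and from_dom not in doms:
            hits.append(f"claims {brand.upper()} but sent from {from_dom}")
    # Replies would go to a different domain than the visible sender.
    reply_dom = domain_of(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_dom and reply_dom != from_dom:
        hits.append(f"reply-to domain {reply_dom} differs from {from_dom}")
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    if URGENCY.search(msg.get("Subject", "") + " " + text):
        hits.append("urgency language")
    if LOGIN_URL.search(text):
        hits.append("direct login link")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if GENERIC_NAME.match(name):
            hits.append(f"generic attachment name {name}")
    return hits

def is_suspicious(raw: str) -> bool:
    # The page's rule of thumb: two or more telltale features together.
    return len(phishing_indicators(raw)) >= 2

# Constructed sample for a stand-alone run; not a real message.
SAMPLE = """From: "UNH IT Support" <helpdesk@gmail.com>
Reply-To: accounts@example.net
Subject: Your mailbox will be suspended
Content-Type: text/plain

Your account will be shut off within 24 hours. Verify now: http://example.net/login
"""
```

Running `phishing_indicators(SAMPLE)` lists four features (brand mismatch, reply-to mismatch, urgency, login link), so `is_suspicious(SAMPLE)` is true; a plain message from a unh.edu address with none of them scores zero.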


What to Do if You Receive a Phishing Message


Confirm It 
  • Check The Phishbowl to see if it is a known phishing email

  • Legitimate University communications that have been reported as phishing are also posted here for your reference

  • If you don’t see it on The Phishbowl, don’t assume it is legitimate!  It may be an unknown phish that hasn't been reported yet.

Report It
  • If you are unsure about a message and you cannot confirm it is legitimate, forward it to and then delete the message.

  • If you click a phishing link or open an attachment, report it to ISS by calling the UNH IT Service Desk.  Sometimes just clicking the link is enough to compromise your device even if you don’t enter your credentials.

Think Twice...Before Entering Your Credentials
  • Always confirm a login page before entering your credentials

  • Some Phishing messages provide links to a fake UNH branded login page that look just like the real one

  • Others provide login pages with UNH branding

  • Keep your credentials safe by following these steps:

    • If it is a login page for a UNH service, search myUNH for that service and use the information found there to confirm the legitimacy of the login request and the page itself

    • Contact the UNH Service Desk at 603-862-4242 and request assistance in confirming the login page that should be used for a specific service or application

    • If it is a login page for another company, go to the company’s website and log in from their official site

    • If you aren’t sure, DO NOT enter your credentials!


Phishing Resources

The Phishbowl


The Phishbowl provides UNH users with a self-service way to determine if an email they have received is a known phishing attempt.

UNH IT Knowledge Base Articles 



For questions about Phishing or to arrange in-person training for a department or group on campus, contact ISS