December 7, 2015

Be aware of targeted 'spearphishing' emails


Information Technology Services is asking all of UNL to exercise caution when opening emails. UNL has experienced continual targeted phishing attempts that have been thwarted largely due to awareness among faculty and staff. Some emails even claim to come from campus security staff. Phishing emails can be fairly easy to detect by looking out for a few simple pointers.

What to look for

  1. Be skeptical. Is the email unexpected? Criminals like to use the element of surprise and often send “Alerts”, “Warning-over quota” and similar IT-related messages. They also take advantage of the time of year: holiday shopping, tax season, and school semester starts and endings. One tip-criminals are often terrible spellers. If you see misspellings in the subject line or the body of an email, it could be a phony.

  2. Is it asking you to click a link and enter credentials? Don’t do it. If you need to access any online service, manually type out the web URL in a browser to ensure you are going to an authentic site. Hover over the link in an email-you’ll see where the link will take you. Criminals set up phony websites that ask for and capture login credentials and other personal information. UNL will NEVER ask for your login/password for any reason.

  3. “But I know the email sender.” But you may not. Email addresses can be spoofed or worse, actual accounts can be compromised, giving the criminal full access. If you have received an email from a known individual that does not appear to be legitimate—call them via a known or directory phone number.

  4. Have you received a suspicious email? Send it to security@unl.edu. We’ve received many of these emails from alert faculty and staff members who have learned to spot the phonies. When security is aware we can block access to fraudulent sites on the UNL network, issue take down notices to the site’s hosting companies and block the email senders.

To learn more and see the latest phishing emails, go to http://go.unl.edu/phishing

If you have additional questions or concerns, call the Computer Help Center (402) 472-3970 or toll-free (866) 472-3970 mysupport@unl.edu