With the start of a new school year comes an increase in phishing attacks against Duke users. Phishing attacks use “spoofed” emails and fraudulent websites designed to fool recipients into divulging personal data such as credit card numbers, account usernames and passwords and Social Security numbers. Attackers will send messages appearing to come from banks, stores, shipping companies, the Duke help desk, and even friends. One of the latest tactics used by phishing attackers is to send Duke users to a Google Apps site and ask them to enter their NetID and password into a form. Duke would never ask a user to do this.
While Duke’s anti-spam/phishing appliances do catch a large number of messages, some still get through. For example, last month Duke received 116,146,522 email messages. Only 15.3 percent of those messages were classified as legitimate. The remaining 84.7 percent were spam, phishing or malware-containing messages.
Here are two examples of phishing messages that Duke users have received, and how to tell they are fraudulent:
This attack happened in April 2012. It appeared to come from the Duke OIT Service Desk, but the link didn’t go to a Duke website. You can tell it is fraudulent for three reasons. First, the link went to an external website; second, the grammar used in the message had mistakes; and third, the Service Desk would not send an email to a user with a compromised account. It would contact the user directly or through a department’s IT support staff.
This phishing message appeared to come from President Brodhead, but there are three ways to tell this message was fraudulent as well. First, the link went to a non-Duke address, which turned out to be a Google application form asking for a NetID and password; second, the grammar had mistakes; third, the message appeared to come from firstname.lastname@example.org but asked to update your account information.
What can you do?
While Duke’s anti-spam appliances catch a large portion of these messages, and OIT continuously adjusts filters to help limit the spam and fraudulent messages getting through, some messages may continue to show up in your inbox. As such, here are several recommendations for protecting yourself.
- Do NOT click on any links in suspicious messages. The links could end up trying to install malware on your computer or convince you to give up your credentials.
- Check the sender email address and the “return to” email address. Sometimes the name used will appear normal, but the email address will be a random address created by the attacker to send the message.
- Report suspicious email messages to the OIT Service Desk (http://oit.duke.edu/help/).
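The two checks above (does the link go off-campus, and does the sender address match the name shown) can be automated. The script below is an added example written for this article, not a tool from Duke OIT; it assumes `duke.edu` as the only trusted domain and uses two constructed sample messages, one mimicking the Service Desk lure described earlier and one legitimate notice, to show which indicators each one trips.

```python
"""Flag the phishing indicators described above in a raw email message.

Added example, not Duke OIT code. TRUSTED_DOMAINS and the sample messages
are assumptions constructed for this illustration.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: mail and links from these domains are treated as legitimate.
TRUSTED_DOMAINS = ("duke.edu",)

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def _in_trusted(domain, trusted=TRUSTED_DOMAINS):
    """True if domain is one of the trusted domains or a subdomain of one."""
    domain = domain.lower().rstrip(".")
    return any(domain == t or domain.endswith("." + t) for t in trusted)


def _addr_domain(addr):
    """Return the part after '@' in an address, or '' if there is none."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def _body_text(msg):
    """Concatenate the text/plain and text/html parts of a message."""
    parts = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            payload = part.get_payload(decode=True)
            if payload:
                charset = part.get_content_charset() or "utf-8"
                parts.append(payload.decode(charset, "replace"))
    return "\n".join(parts)


def phishing_indicators(raw_message, trusted=TRUSTED_DOMAINS):
    """Return a list of human-readable indicators found in the message.

    An empty list means none of the three checks fired; it does not prove
    the message is legitimate.
    """
    msg = message_from_string(raw_message)
    findings = []

    # 1. The visible name may say "Duke", but the real address domain counts.
    _display_name, from_addr = parseaddr(msg.get("From", ""))
    from_dom = _addr_domain(from_addr)
    if from_dom and not _in_trusted(from_dom, trusted):
        findings.append(f"From address domain is external: {from_dom}")

    # 2. A Reply-To header pointing somewhere other than the From domain.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    reply_dom = _addr_domain(reply_addr)
    if reply_dom and reply_dom != from_dom:
        findings.append(
            f"Reply-To domain {reply_dom} differs from From domain {from_dom}"
        )

    # 3. Any link whose host is not under a trusted domain.
    for url in URL_RE.findall(_body_text(msg)):
        host = urlparse(url).hostname or ""
        if not _in_trusted(host, trusted):
            findings.append(f"Link to external site: {host}")

    return findings


# Constructed sample modelled on the Service Desk lure described above.
SAMPLE_PHISH = """\
From: "Duke OIT Service Desk" <servicedesk@example.org>
Reply-To: account-verify@example.net
Subject: Your account has been compromised
Content-Type: text/plain

Your NetID was used from an unknown location. Verify it here within 24 hours:
https://forms.example.com/netid-verify
"""

# Constructed sample of a legitimate notice for comparison.
SAMPLE_LEGIT = """\
From: "OIT Service Desk" <help@oit.duke.edu>
Subject: Planned maintenance
Content-Type: text/plain

Details: https://oit.duke.edu/help/
"""

if __name__ == "__main__":
    for label, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(label, phishing_indicators(sample) or ["no indicators"])
```

Running it prints three indicators for the constructed lure (external From domain, mismatched Reply-To, off-campus link) and none for the legitimate notice. The grammar check from the article is deliberately left out: it is a judgement a reader makes, not something a short script can reliably score.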
October is National Cyber Security Awareness Month, and Duke’s IT Security Office is sponsoring a series of events and a contest to remind Duke faculty, staff and students to protect their personal information and data. Check security.duke.edu throughout the month to learn more.