...
Table of Content Zone | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||
Protect your InformationIf you believe you've received a phishing email, you should take the following steps:
Reset your PasswordIf you've followed a link in the email and entered your Odin username and password, follow the procedures on Reset your Odin account password to change your password and security questions immediately. If you use your Odin password for any other web services, OIT recommends that you reset the password there as well (for example, if you signed up for Facebook using your PSU email and Odin password, you should also reset your Facebook password). Report the EmailForward the email to security@pdx.edu. Your report will be investigate, and will help prevent many others on campus from falling victim to the attack. Mark the Email as Phishing or SpamGmail provides a quick, easy way to mark emails as phishing or spam from within the web client. This will help everyone using Gmail, as it teaches the system which emails to block. To mark an email as phishing, go to mail.pdx.edu and follow the procedures in Google's article Prevent & report phishing attacks. You should be careful with this feature as it generates alerts which a human review. Only use “report as phishing” if you’re reasonably certain of a malicious intent which impacts the security of your account, or the accounts of others. If your contacts tell you that they've received phishing or spam emails from you, ask them to forward a copy of the message to abuse@pdx.edu, and ask them to take the same steps listed above and contact the Helpdesk if they have any questions. Recognize Phishing EmailsThe following factors can help you determine if an email that appears to be from PSU is legitimate or phishing: Requests for your Odin PasswordOIT employees will never ask you for your password. You should be suspicious of any email that asks you to provide login information. Exciting or Upsetting StatementsPhishing scams often rely on alarming (but false) statements to incite an immediate reaction from recipients. This could include warnings that your accounts will be suspended/deleted, that a delivery of goods/money is waiting for you, or that your information has been compromised elsewhere and needs to be verified. Incorrect Spelling and GrammarPhishing and other untrustworthy emails can often be identified by their incorrect grammar or spelling. Many times these types of emails are not written in clear, professional English. Examine the content of these emails for strange, unnatural wording. This can be a sign that the email is not an official PSU communication. Strange URLsIf the email contains links to other pages that ask for information, hover over the link and check the bottom of your browser window to examine where the link will take you. Secure PSU login pages will have URLs that begin with "https://" (for example, https://oam.pdx.edu or https://sso.pdx.edu). If the URL looks strange to you, do not follow the link. Visit Understand web addresses for more information on URLs. Unsecured PagesIf you've already opened the link in the email, examine your browser's address bar. Secure PSU pages will display either a green padlock or a green bar to the left of the URL that says "Portland State University". If you select on this green bar, it will display detailed information about the website's verified identity. Attachments from Unknown SendersBefore downloading or opening any attachments in an email, verify that you know the sender and that the email itself does not appear suspicious in any way. If you're unsure, check with the sender directly to make sure that the attachment is legitimate. People who phish often hope to trick you into downloading files that will scan your computer for personal information and send it back to them. Dissonant Sharing NotificationsA sharing notification from Google Workspace or other similar services which makes mention of a person in a position of authority but actually comes from someone else. Invoices From Services You Don’t UseThese fake invoices intend for you to call the listed phone number and then divulge your credit card number so they may defraud you. Related Articles
|
...