Avoid Phishing Attacks

Phishing emails look similar to legitimate communications from PSU administration or colleagues, but are actually an attempt by malicious entities to steal your information.

Phishing attacks are designed to fool people into divulging things like Odin account usernames and passwords, credit card details, and other sensitive information. They often appear to be a document shared unexpectedly, or ask you to follow a link to a page that looks like an official PSU webpage and enter your Odin account credentials.

Protect your Information

If you believe you've received a phishing email, you should take the following steps: 

  1. Report the email.

  2. Mark the email as phishing or spam.

  3. Reset your password.

Reset your Password

If you've followed a link in the email and entered your Odin username and password, follow the procedures on Reset your Odin account password to change your password and security questions immediately. If you use your Odin password for any other web services, OIT recommends that you reset the password there as well (for example, if you signed up for Facebook using your PSU email and Odin password, you should also reset your Facebook password).

Report the Email

Forward the email to security@pdx.edu. Your report will be investigated, and will help prevent many others on campus from falling victim to the attack.

Mark the Email as Phishing or Spam

Gmail provides a quick, easy way to mark emails as phishing or spam from within the web client. This will help everyone using Gmail, as it teaches the system which emails to block. To mark an email as phishing, go to mail.pdx.edu and follow the procedures in Google's article Prevent & report phishing attacks. You should be careful with this feature, as it generates alerts which a human reviews. Only use “report as phishing” if you’re reasonably certain of malicious intent which impacts the security of your account, or the accounts of others.

You can also mark spam emails using the procedures in the article Mark or unmark Spam in Gmail.

If your contacts tell you that they've received phishing or spam emails from you, ask them to forward a copy of the message to abuse@pdx.edu, and ask them to take the same steps listed above and contact the Helpdesk if they have any questions.

Recognize Phishing Emails

The following factors can help you determine if an email that appears to be from PSU is legitimate or phishing:

Requests for your Odin Password

OIT employees will never ask you for your password. You should be suspicious of any email that asks you to provide login information.

Exciting or Upsetting Statements

Phishing scams often rely on alarming (but false) statements to incite an immediate reaction from recipients. This could include warnings that your accounts will be suspended/deleted, that a delivery of goods/money is waiting for you, or that your information has been compromised elsewhere and needs to be verified.

Incorrect Spelling and Grammar

Phishing and other untrustworthy emails can often be identified by their incorrect grammar or spelling. Many times these types of emails are not written in clear, professional English. Examine the content of these emails for strange, unnatural wording. This can be a sign that the email is not an official PSU communication.

Strange URLs

If the email contains links to other pages that ask for information, hover over the link and check the bottom of your browser window to examine where the link will take you. Secure PSU login pages will have URLs that begin with "https://" (for example, https://oam.pdx.edu or https://sso.pdx.edu). If the URL looks strange to you, do not follow the link. Visit Understand web addresses for more information on URLs.
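The same check can be written down precisely. The following is an added example, not part of the original page or any PSU tooling: it shows why a link that merely contains "pdx.edu" can still point elsewhere. It assumes PSU login pages live under the pdx.edu domain, as in the examples above; the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: legitimate PSU login hosts are pdx.edu or a subdomain of it,
# as in the page's examples (oam.pdx.edu, sso.pdx.edu).
TRUSTED_DOMAIN = "pdx.edu"

def check_link(url):
    """Return the reasons a link looks suspicious; an empty list means it passes."""
    reasons = []
    parts = urlsplit(url.strip())
    if parts.scheme.lower() != "https":
        reasons.append("not https")
    # Text before an "@" is login info, not the site: the real host follows it.
    if parts.username is not None or parts.password is not None:
        reasons.append("userinfo before host")
    host = (parts.hostname or "").rstrip(".").lower()
    # The host must BE pdx.edu or END in ".pdx.edu"; merely containing
    # the string "pdx.edu" somewhere in the URL proves nothing.
    if not (host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)):
        reasons.append("host outside pdx.edu")
    return reasons

# Constructed sample links (example.com is a reserved documentation domain).
SAMPLES = [
    "https://sso.pdx.edu/login",              # genuine form
    "http://oam.pdx.edu/",                    # right host, no encryption
    "https://sso.pdx.edu.example.com/login",  # pdx.edu used as a subdomain label
    "https://sso.pdx.edu@example.com/login",  # pdx.edu placed before an "@"
    "https://sso-pdx.edu/",                   # hyphen instead of a dot
]

if __name__ == "__main__":
    for link in SAMPLES:
        problems = check_link(link)
        print(link, "->", "ok" if not problems else ", ".join(problems))
```

When reading a link by eye, the part that matters is the host name immediately before the first single "/" after "https://", read from right to left.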

Unsecured Pages

If you've already opened the link in the email, examine your browser's address bar. Secure PSU pages will display either a green padlock or a green bar to the left of the URL that says "Portland State University". If you select this green bar, it will display detailed information about the website's verified identity.

Do not enter your Odin credentials on any page that does not display either a green padlock symbol or a green bar in the browser's address bar. (Note: Mobile browsers may display a padlock image and the name "Portland State University" in green text above the address bar instead of a green bar.)

Attachments from Unknown Senders

Before downloading or opening any attachments in an email, verify that you know the sender and that the email itself does not appear suspicious in any way. If you're unsure, check with the sender directly to make sure that the attachment is legitimate. People who phish often hope to trick you into downloading files that will scan your computer for personal information and send it back to them.

Dissonant Sharing Notifications

Be suspicious of a sharing notification from Google Workspace or other similar services that mentions a person in a position of authority but actually comes from someone else.

[Screenshot: dissonant sharing notification]

Invoices From Services You Don’t Use

These fake invoices are intended to get you to call the listed phone number and then divulge your credit card number so that the senders can defraud you.