
Recent phishing attempt serves as reminder to exercise caution when opening email

Thousands of students, staff and faculty received a malicious email in October containing an attachment, disguised as a Purdue vehicle authorization form, that had the capacity to destroy files stored on individuals’ personal and shared network drives.

Fortunately, few people opened the attachment and activated its malicious payload. Purdue’s IT security, messaging and storage teams, desktop support staff, and representatives from security firm McAfee were able to quickly identify and isolate infections, preventing the malware from doing the broad damage for which it was intended.

But this recent phishing attempt serves as a reminder to exercise caution when opening emails, especially because phishing is becoming more frequent and sophisticated, says David Shaw, Purdue’s chief information security officer.

“Known as ransomware, this recent phishing attempt was particularly nasty because infected users were in danger of losing their personal files forever,” Shaw says. “Moreover, individuals with files stored on a drive shared by someone who opened the attachment also were at risk. The University has many security tools in place to help detect, block and communicate known phishing attempts, but we also rely on the Purdue community to be cautious when opening email messages.”

Although some phishing messages are intended to install malware, others may be designed to hold files hostage or steal credentials. A recent example occurred at Michigan State University, where perpetrators made changes to employees’ direct-deposit designations after acquiring information through a sophisticated phishing attack. 

“Sometimes the real effect of a successful phishing attempt is not seen for several days, so we encourage individuals to be proactive participants in defending Purdue’s data and systems,” Shaw says.

Here are seven questions to ask when browsing your inbox. The more red flags you see in an email, the more likely it's not legitimate.

  • Does the message contain general salutations and signatures? Most phishing attempts begin with generic phrases like “Greetings valued customer,” or “Dear account user.” Most legitimate companies, on the other hand, will include an intended recipient’s name in their correspondence. Another indication of phishing is a general signature at the end of the message, such as “Purdue Messaging Group.”
  • Are the URLs legitimate? Emails containing Web links should always be questioned. One way to verify a link’s legitimacy is to hover your mouse cursor over embedded links and make sure the link uses encryption (https://). Also, if a link in the text isn’t identical to the URL displayed when you hover the cursor over the link, that’s a sure sign it’s taking you somewhere you don’t want to go. Another best practice: open a new browser window and visit a site directly by pasting in its Web address, or URL, rather than simply clicking the link in an email and going wherever it takes you.
  • Is the sender requesting personal information? Providing personal information through email or by phone in response to an unsolicited request is always a bad idea. Messages soliciting passwords, Social Security numbers and other personal information are scams.
  • Is the email asking you to take immediate action? Hackers want you to respond without thinking. Phishing emails might even claim a response is required within a short timeframe because your account has been compromised. Watch out for language directing you to update an account, download an attachment, visit a website, provide personal information, etc.
  • Does the message contain suspicious attachments? Legitimate organizations, including Purdue, rarely send attachments via email. Opening attachments can cause automatic malware downloads or lead to compromised personal information. High-risk attachment file types include: .exe, .scr, .zip, .com, and .bat.
  • Is the email making promises that seem too good to be true? Then they probably are. Any message offering to put money in your bank account with a single click is a scam.
  • Are there misspellings or typos? An email from a legitimate organization should be well-written. Grammar and spelling mistakes are red flags.

What to do if you receive a phishing email: When you see suspicious email in your Purdue inbox, report it to abuse@purdue.edu with the original email attached to preserve its header information. Doing so helps Purdue’s security team review the message and advise if it is legitimate. The security team also can take measures to block fraudulent websites.

To attach an email in Windows using Outlook with Purdue’s Exchange service, create a new message and choose “Attach Item” from the dropdown list on the message menu bar. Then select “Outlook item,” and attach the email in question. On a Mac, right-click or Control-click on the suspicious message and choose “Forward Special” and “As Attachment” from the dropdown list.

Writer: Andrea Thomas, ITaP technology writer, 765-496-8204, thomas78@purdue.edu

Source: David Shaw, chief information security officer, 765-496-8289, shaw46@purdue.edu

Last updated: Oct. 25, 2013