Spear Phishing Email Alert

 

Please be advised that a number of Spear Phishing emails have made it through the Microsoft Office 365 system SPAM filters. 

Spear Phishing is an email spoofing fraud attempt that targets a specific organization seeking unauthorized access to confidential data.  While spear phishing is similar to a phishing email, the messages are typically more personalized, making it appear that they are from a person or organization that you are familiar with --a trusted source.  The success of spear phishing hinges on its ability to appear authentic and how logical the request seems to be.  Everyone with an email address is a potential target. 

The Office of Information Technology continues to make improvements in information security, however, the best defense against these attacks is knowing how to spot and report them.

Please be vigilant when dealing with emails containing links or attachments, especially those purporting to be from the University of Guam or from our Helpdesk asking you to click on a link.

 

WHAT IS REQUIRED OF ME?

If you have received a spear phishing email and you clicked on the link and provided your university credentials (username and password), please contact the IT Helpdesk at(671) 735-2640 or helpdesk@uog.edu so that IT staff can check your university account and perform any necessary information security actions.

If you are unsure of the authenticity of an email you received, please don't hesitate to contact the Office of Information Technology for advice.

Below are some ways to identify a fraudulent email:

1. Expect the unexpected: Examine the email carefully.  If it is too good to be true, it is a form of phishing. Don’t hesitate to contact the Office of IT to confirm that such emails are legitimate.
   
   
2. Name check: Be wary if you receive an email from someone you don’t know directing you to a website especially if that person is urging you to give up your password, username, account information, financial information, etc.
   
   
3. Don’t click on unrecognized links/attachments: The hyperlinked URL is different from the one shown when you hover the mouse over the link.  If you receive an email that looks in any suspicious, never download the attachment.
   
   
4. Poor spelling and/or grammar: One of the most common signs that an email isn’t legitimate.  For example, “Dear Office365 Costumer” instead of “Dear Office365 Customer.”
   
   
5. Email urges you to take immediate action: A phishing email tries to trick you into clicking a link by claiming that your account has been closed, almost exceeded its limit, or to a similar extent and requires your immediate attention.
     
   
   

QUESTIONS?

If you have any questions, please contact the IT Help Desk at (671) 735-2640 or helpdesk@uog.edu.