Email Phishing and How to Report It
A Guide to Understanding and Reporting an Email Phishing Attempt
Phishing is the fraudulent process of attempting to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Phishing schemes can be used by attackers for a variety of things. Here at NAU, attacks designed to gather user ids and passwords of accounts have been successfully used to take over email accounts and use them to send spam. Having an account stolen as a result of a successful phishing attack is very disruptive to the campus, as it usually results in all campus email being blocked by major email providers such as Hotmail and Yahoo. It’s particularly disruptive to the owner of the compromised account, as ITS must disable their access to prevent continued abuse of the account and investigate the extent of the break-in. In order to help minimize the impact of phishing attacks, it’s important for everyone to promptly and properly report them to the appropriate authorities.
The first step is to identify the appropriate authority.
- If the message is spoofing an NAU department, report it to the NAU Solution Center or Student Technology Services Help Desk.
- If the attack is spoofing an entity other than NAU, the attack should be reported to that agency.
The second step is to gather the appropriate information to be reported. Whether you are reporting a phishing attack to NAU or another agency, the person receiving the report will need the original message you received and the normally hidden email headers.
Outlook 2013 for Windows 7
To view a message’s headers in Outlook 2013 for Windows 7, first open the message in a new window. Click on the “Home” button on the navigation bar and then select “Properties” from the Tags group. The headers are found in the “Internet headers” dialog box and can be copied and pasted from here.
Outlook 2010 for Windows 7
To view a message’s headers in Outlook 2010 for Windows 7, open the email in question in a new window and select “Properties” from the File tab drop-down menu. The headers are located in the “Internet headers” dialog box. Copy the headers and paste them into the email before forwarding it.
Outlook 2003/2007
While looking at the list of messages in your inbox, right-click on the phishing message. There should be an entry labeled Message Options… (or simply Options… in 2003). Select this and a new window will open. At the bottom of the window will be a text box containing the full email headers. Select and copy everything in the text box and paste it into the email you are about to forward. Make sure the email is addressed to the proper authority. Click Send.
Outlook 2011 for Mac
To view and obtain headers in Outlook 2011 for Mac, right-click on the message in the inbox and select “view source” from the drop-down menu. This will bring up the corresponding headers in a separate window as a text file. Highlight the headers and copy them so they can be pasted into the email before forwarding it.
Entourage
View the message. Then go to the Message -> Internet Headers menu item. This will display all the headers. Select and copy the headers. Click your mouse in the forwarded message where you want to insert the headers and paste them in. The shortcut key to accomplish this is Command-Shift-H.
Mac Mail
View the message, then go to the View -> Message -> Long Headers menu item. The headers will be exposed in the email. Click anywhere in the headers, and select and copy them. Click your mouse in the forwarded message where you want to insert the headers and paste them in. Repeat the View -> Message -> Long Headers action to turn off showing full headers. The shortcut key to turn on and off exposure of headers is Command-Shift-H.
Office Web Access (OWA)
Bring up OWA in Internet Explorer so that you get the full OWA version. Double-click on the message in the inbox so the message opens in its own window. At the top of the window will be several icons. One of them is the Message Details icon. It is a picture of an open envelope with a sheet of paper superimposed over the right side of the envelope. It’s just to the left of the Printer icon. Click the Message Details icon, and a new window will open. At the bottom of the window will be a text box containing the headers. Select, copy, and paste the headers into the email with the forwarded phish message.
The final step is to forward the original email and the header information to the appropriate agency.
- Report phishing attacks spoofing NAU to the ITS Solution Center at firstname.lastname@example.org, or to the Student Technology Center at StudentComputing@nau.edu.
- If the attack is spoofing a company other than NAU, a commonly available email address for this is the Abuse address. Many companies on the Internet have an Abuse account for reports of misbehavior like phishing attempts. To send email to this account, you must first identify the company’s Internet name. This should be the same as the name of their main web site, without the “www” prefix. For example, the Arizona State Credit Union’s web site is www.azstcu.org. Their abuse account is email@example.com.
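The following Python code is an added example, not part of the original NAU guide. It shows what the person receiving a report typically reads from the pasted headers (which is why the steps above ask for them) and derives an Abuse address from a web site name as described in the last step. The sample headers, host names and function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample: headers as copied from an "Internet headers" box.
SAMPLE_HEADERS = """\
Received: from mx.campus.example (mx.campus.example [192.0.2.10])
\tby mailbox.campus.example with ESMTP id abc123;
\tMon, 01 Jan 2024 10:00:02 -0700
Received: from unknown (HELO mail.sender.example) (198.51.100.77)
\tby mx.campus.example with SMTP; Mon, 01 Jan 2024 10:00:01 -0700
From: "Campus Help Desk" <helpdesk@campus.example>
Reply-To: collector@mailbox.example
Subject: Your mailbox is over quota
Message-ID: <constructed-1@sender.example>

"""

def summarize_headers(raw):
    """Return what a report handler reads first from pasted headers."""
    msg = message_from_string(raw)
    received = msg.get_all("Received", [])
    from_addr = parseaddr(msg.get("From", ""))[1]
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    return {
        # A forward without the hidden headers has no Received lines at all.
        "has_full_headers": len(received) > 0,
        "hops": len(received),
        # Each server adds its Received line on top, so the last one in the
        # list is the earliest hop and names the host that handed the mail in.
        "first_hop": " ".join(received[-1].split()) if received else None,
        # The From address is whatever the sender typed; it proves nothing.
        "from": from_addr,
        "reply_to_differs": bool(reply_to) and reply_to.lower() != from_addr.lower(),
    }

def abuse_address(site):
    """Build abuse@<name> from a web site name, dropping the "www" prefix."""
    host = urlparse(site if "//" in site else "//" + site).hostname or ""
    if host.startswith("www."):
        host = host[4:]
    if not host:
        raise ValueError("no host name in %r" % site)
    return "abuse@" + host

if __name__ == "__main__":
    print(summarize_headers(SAMPLE_HEADERS))
    print(abuse_address("www.bank.example"))
```

A report whose summary shows `has_full_headers` as false was forwarded without the hidden headers, and the sender should be asked to resend it using the steps for their mail client.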