Information Security
Page tree

Did I Get Phished?


Receiving a phishing message does not mean you have been phished. However, opening files, clicking a link, or interacting with phishing emails is a cause for concern. In some cases, users find themselves on a malicious site and even entering personal or account related information or credentials. 

If you did interact with a phishing email, don't panic. You are not alone!  Attackers are getting pretty crafty these days and messages can replicate internal communications and can even appear to be coming from a legitimate '@syr.edu' email address. Many people have fallen victim to these emails and have been tricked into giving away their passwords or account information.

To secure your account after interacting with a phishing email follow the steps on this page. They are aimed to assist you in securing your account and to protect yourself, your information and your identity.

Please be sure to report any suspicious emails, activity, or concerns you have been phished to itsecurity@syr.edu


Steps to Securing Your Account After a Phishing Attack




Step 1: Change Your Passwords


Immediately change your Syracuse University (NetID) password. To do so, visit the NetID self-service page. Additional instructions and details can be found on the Password Change FAQ

Immediately change any passwords for any accounts indicated in the phishing message, if other than your Syracuse University account.

You should not be using the same password you use for your NetID anywhere else. If you do, change any passwords for any other accounts to different and unique passwords. 

Step 2: Check Your Email Rules


Attackers may attempt to add email rules to your account in an attempt to hide their activity from you.  To do this, they often set up rules to forward and/or delete email entirely or strategically from key individuals or University offices such as ‘ITS’, ‘Bursar” or ‘Payroll’.

Instructions to check inbox rules can be found on the Securing SUMail Account After Security Lock page

Please take note of what those rules are and provide them to the Information Security Department (see Step 4). 


Step 3: Verify MySlice Information


Attackers may attempt to change information related to your account including personal and financial information. Users should verify the following information has not been altered:

  • Names
  • Addresses
  • Any financial records (including verifying refund requests)
  • Direct deposit information (if applicable)


Step 4: Notify ITS Information Security 


The ITS Information Security Department depends on the Syracuse University community to help detect and protect against phishing attacks.  Taking a brief moment to send us an email may help protect many others from the attack.  Simply forwarding the message to ITSecurity@listserv.syr.edu is helpful, but providing additional information as shown below will help us better protect other individuals and your access. 

  • Have you already changed your password? Letting us know that you’ve already changed your password may prevent us from locking your account if we detect your original password being compromised.

  • Provide the original email headers. Headers contain detailed mail routing information that we can use to investigate the attack.  Instructions on obtaining the headers can be found on the Answers “Sending Email Headers” page.

  • What  information you provided.  Did you provide your SSN?  Your date of birth?  Your name?  Your NetID/Password?   We don't need the actual information, but letting us know the type of information you entered helps us to understand the scope of the attack.

  • The content of your inbox rules.  If you found malicious rules (rules you did not setup) in your email box, letting us know what those were will help us detect other accounts that have been compromised.

Step 5: Reduce Threats to Your Identity


Several external resources are available to reduce threats to your identity in the event you have provided personal information to attackers or you simply want to be aware of identity related protections. They include but are not limited to:

Step 6: Minimize Future Threats


For ongoing account protection, be proactive and aware regarding the following:

  • Enable two-factor authentication for your online accounts. This will protect you against unauthorized use of your credentials, even if they are stolen. For your University Office 365 , visit NetId.syr.edu and click Two-factor Opt-in.

  • Be suspicious of any email from senders you don’t know, or that seems out of character for the sender. Verify that the sender is actually who they appear to be before clicking on any links or attachments.

  • Be cautious of financial requests. Any request for money or goods is bound to be fraudulent. If it claims to be from a campus member, contact them or their office to verify first, or check with Information Security.

  • Verify links and URLs. You should verify links before clicking them by hovering your cursor over the link and examining the URL. If you don’t recognize the URL, don’t click it.

  • Never open attachments unless they are from someone you know or are otherwise expected.

  • Delete any suspicious emails, before opening them if possible.

  • Don’t enter your username and password (especially your University NetID) to access any website. If you are not 100% sure its a valid site, don't enter your information. In particular, you should be suspicious of email messages that have links to sites that ask you to use your University NetID and password to log in.

  • Keep your computer software updated and patched. Setting up automatic updates is recommend where possible including for antivirus software.

  • Make sure your computer’s firewall is installed and running. 

  • Do not give passwords or MFA codes. Remember that nobody at Syracuse University will ever ask for your NetID password or for you to provide them a multi-factor authentication code for any reason, in any form other than when you’re logging in to an SU system. If somebody does, they're not representing the University or any of its offices. Report any occurrences to itsecurity@syr.edu.



Getting Help


For assistance with the information above, contact the ITS Help Desk at 315-443-2677,  help@syr.edu, or by stopping into 1-227 CST. Stay up-to-date on the latest phishing activity on the ITS website.

Top

  • No labels