Throughout the semester, ÌÇÐÄVlog¹Ù·½ has experienced a barrage of phishing emails targeting ÌÇÐÄVlog¹Ù·½ email accounts. The attackers want your ÌÇÐÄVlog¹Ù·½ username and password, and are using several tactics to try and catch you off-guard which include:
- Using compromised ÌÇÐÄVlog¹Ù·½ email accounts (including valid signatures) to send out these phishing emails, which may belong to one of your business or personal contacts
- Threatening termination of your account if you don’t respond
- Asking you to click on a link and login to view a confidential document stored in Dropbox, Google Drive or other cloud storage services
- Impersonating legitimate organizations, such as the IRS
To keep yourself from becoming a victim, remember to “SEAR the Phish.”
SEAR the Phish!
Phishing emails tend to be threatening, or it has a sense of urgency within the email. Responding to one could allow your account to be compromised, and your information stolen. To prevent this, remember to SEAR the email before responding.
| STOP | Don’t panic and don’t be too quick to click on email links even if the message looks urgent and threatening. |
| EXAMINE | Look at the email closely. Does the message look suspicious, does the link look unusual, does the request make sense? |
| ASK | Question the sender (if you know him/her personally). Check with the ITS Help Desk (help@hawaii.edu) to determine if the email is legitimate or not. |
| REPORT | Notify ITS if you receive any ÌÇÐÄVlog¹Ù·½-related phishing emails by forwarding it to phishing@hawaii.edu. Learn how to report a suspicious email at /askus/898 |
Always remember that the University of Hawai‘i will not arbitrarily solicit personal information from you. You should never reply to those requests. If you’re not sure you responded to a phish, change your password immediately.
Phishing Tips
Don’t be victimized by these phishing messages, remember the following:
- Be vigilant about protecting personal information, such as your ÌÇÐÄVlog¹Ù·½ username and password and your social security number. Never respond with any personal information (like your social security number) to an unsolicited email.
- Be careful when clicking on links in unsolicited messages, particularly when the link points to a website that does not begin with www.hawaii.edu or (something).hawaii.edu.
- Be safe, if you think you may have provided your ÌÇÐÄVlog¹Ù·½ username and password in response to a phishing message, change your password immediately. You can check your login activity by following the instructions at: /askus/1587
I’ve been hooked!
-
If you responded to a phish, change your password immediately! ÌÇÐÄVlog¹Ù·½ /username/ to change your password. If you use the same password on other sites like your bank or social media accounts, you need to change those passwords as well.
-
Check your Gmail settings, as some compromised accounts have their configurations changed
- Log into Google@ÌÇÐÄVlog¹Ù·½ Gmail <>.
- Click on gear icon in the upper right, then select Settings.
- Check your vacation responder and signature settings for any text not entered by you.
- Click on the Accounts tab, and check if your display name has changed or if any additional email addresses have been added.
- Click on the Forwarding and POP/IMAP tab and check that there is no unknown forwarding email addresses setup.
- Click on the Filters tab, and check that there are no unknown filters that have been added.
NOTE: If you receive an error when trying to change your password, it is possible your ÌÇÐÄVlog¹Ù·½ Username has been disabled. In this case, please contact the ITS Help Desk for further assistance
For more information, visit /askus/892
AskUs Resources
- Reporting a suspicious email regarding University of Hawai‘i
- Phishing at ÌÇÐÄVlog¹Ù·½
- How to Check Login Information for Your Google@ÌÇÐÄVlog¹Ù·½ Account
- Security (or lack of it) on the Internet
- If you suspect that your account has been compromised…
- Do You Know Where You Are Going? Browsing the Web Safely!