How to determine a Phishing or Spam email

Spam or Phishing:

Spam is any unwanted email. It is not necessarily malicious.

Phishing is malicious. It goes beyond spam and tries to either infect the computer with malware or steal login credentials.

Phishing emails usually convey a sense of urgency. They want the person to take some immediate action.

  • Click here to activate your account, or authorize delivery
  • Download this overdue bill, or here is the receipt for your new $1,000 iPhone purchase 

Identifying phishing:

  • Does the from address match the context of the email? 
    • A PayPal notice from some random Gmail account is not legitimate.
  • If there is a link, does it match the from address?
    • A from address of business xyz.com and a link to a document on some other business would be a red flag
  • Is the context of the email urgent?
  • Is the context unusual for SVSU – ‘confirm your account’, ‘over quota’

If it looks like it could be true phishing – proceed to Phishing Escalation Process.

If it is SPAM and there are more than 10 of the same SPAM email proceed to the SPAM Search and Destroy Process

 

Do not click on any links or attachments in the ticket, except the .eml!

 

Phishing Escalation Process

Steps to convert a Phish Alert to a Phishing Investigation

  1. Copy the "Phish Alert" ticket, save it and change the Form to Phishing Investigation
  2. Assign to Information Security / John LaPrad
  3. Actions --> Edit Classification.  Change it to Major Incident
  4. +Add Task --> Task Template.  Phishing Investigation Task Builder
  5. Assign the Child Tickets to the Major Incident
  6. Assign ownership of the Child Tickets to Information Security / John LaPrad 
  7. Post Major Incident to the INFT-ITS-Department --> ITS Major Incident - Problem Resolution Channel
  8. If Support Center Phishing Investigation task proceeds, Support Center will assume ownership

SPAM Search and Destroy Process

Steps to create the SPAM Search and Destroy Ticket

  1. Open the SPAM email ticket and change the Form to EMAIL Search and Destroy 
  2. Assign the Child Tickets to the Major Incident
  3. Assign ownership of the Child Tickets to System Administration Services 
  4. Post Major Incident to the INFT-ITS-Department --> ITS Major Incident - Problem Resolution Channel

For more information: 

Details

Article ID: 130602
Created
Thu 3/18/21 1:52 PM
Modified
Tue 5/4/21 8:45 AM