Northern Arizona University   Information Technology Services

ITS Info Online

Spring 2009


Illegal Phishing and How to Report It

Phishing is the fraudulent process of attempting to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Attackers use phishing schemes for a variety of purposes. Here at NAU, attacks designed to gather the user IDs and passwords of accounts have been successfully used to take over email accounts and use them to send spam. Having an account stolen as a result of a successful phishing attack is very disruptive to the campus, as it usually results in all campus email being blocked by major email providers such as Hotmail and Yahoo. It’s particularly disruptive to the owner of the compromised account, as ITS must disable their access to prevent continued abuse of the account and investigate the extent of the break-in. To help minimize the impact of phishing attacks, it’s important for everyone to report them promptly and properly to the appropriate authorities.

The first step is to identify the appropriate authority.

  • If the message is spoofing an NAU department, report it to the NAU Solution Center or Student Technology Services Help Desk.
  • If the attack is spoofing an entity other than NAU, the attack should be reported to that agency.

The second step is to gather the appropriate information to be reported. Whether you are reporting a phishing attack to NAU or another agency, the person receiving the report will need the original message you received and the normally hidden email headers.

Here are methods to view and copy the header information using several popular email programs:

Outlook 2003/2008

While looking at the list of messages in your inbox, right-click on the phishing message. There should be an entry labeled Message Options… (or simply Options… in 2003). Select this and a new window will open. At the bottom of the window will be a text box containing the full email headers. Select and copy everything in the text box and paste it into the email you are about to forward. Make sure the email is addressed to the proper authority. Click Send.

Entourage

View the message. Then go to the Message -> Internet Headers menu item. This will display all the headers. Select and copy the headers. Click your mouse in the forwarded message where you want to insert the headers and paste them in. The shortcut key to accomplish this is Command-Shift-H.

Mac Mail

View the message, then go to the View -> Message -> Long Headers menu item. The headers will be exposed in the email. Click anywhere in the headers, and select and copy them. Click your mouse in the forwarded message where you want to insert the headers and paste them in. Repeat the View -> Message -> Long Headers action to turn off showing full headers. The shortcut key to turn on and off exposure of headers is Command-Shift-H.

Thunderbird

While viewing the message, go to the View -> Message Source menu item. This will open a separate window with the entire message including headers and HTML formatting exposed. Select and copy this text, open a new message, and paste everything in as the body of the message.

Office Web Access (OWA)

Bring up OWA in Internet Explorer so that you get the full OWA version. Double-click on the message in the inbox so the message opens in its own window. At the top of the window will be several icons. One of them is the Message Details icon. It is a picture of an open envelope with a sheet of paper superimposed over the right side of the envelope. It’s just to the left of the Printer icon. Click the Message Details icon, and a new window will open. At the bottom of the window will be a text box containing the headers. Select, copy, and paste the headers into the email with the forwarded phish message.

The final step is to forward the original email and the header information to the appropriate agency.

  • Report phishing attacks spoofing NAU to the Solution Center with the email address ask-its@nau.edu, or the Student Technology Center Help Desk at acad-help@nau.edu.
  • If the attack is spoofing a company other than NAU, a commonly available address for such reports is the company’s Abuse address. Many companies on the Internet have an Abuse account for reports of misbehavior like phishing attempts. To send email to this account, you must first identify the company’s Internet name. This should be the same as the name of their main web site, without the “www” prefix. For example, the Arizona State Credit Union’s web site is www.azstcu.org. Their abuse account is abuse@azstcu.org.

If you encounter difficulty following these instructions, or just feel you need an extra helping hand, call the Solution Center at 3-1511 or Student Technology Center Help Desk at 3-9294. Someone will be glad to assist you in working through this process.

—Lou Arminio
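
Why the report needs the normally hidden headers, shown from the side of the person receiving it: this added example (not part of the original ITS article) reads a pasted message, lists the Received hops from earliest to latest, flags reply addresses whose domain differs from the visible From address, and builds the Abuse address by the rule described above. The sample message, its addresses and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a forwarded phish with its full headers pasted in.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.example.edu (mx.example.edu [192.0.2.10])
\tby inbox.example.edu with ESMTP id A1; Mon, 2 Mar 2009 10:00:05 -0700
Received: from unknown (HELO mailer.example.net) (203.0.113.7)
\tby mx.example.edu with SMTP; Mon, 2 Mar 2009 10:00:01 -0700
From: "Help Desk" <helpdesk@example.edu>
Reply-To: verify@webmail.example.com
Subject: Your mailbox is over quota
Date: Mon, 2 Mar 2009 09:59:58 -0700

Reply with your user ID and password.
"""

def domain(value):
    """Lower-cased domain of an address header, or '' if the header is absent."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower()

def summarize(raw):
    """Return the From domain, the relay path, and any address mismatches."""
    msg = message_from_string(raw)
    # Each relay prepends its own Received line, so the last one is the earliest hop.
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    hops.reverse()
    from_dom = domain(msg["From"])
    findings = []
    for name in ("Reply-To", "Return-Path"):
        d = domain(msg[name])
        # A mismatch is a hint for the investigator, not proof: mailing lists
        # and bulk senders legitimately use different domains here.
        if d and d != from_dom:
            findings.append(f"{name} domain {d} differs from From domain {from_dom}")
    return {"from": from_dom, "hops": hops, "findings": findings}

def abuse_address(site):
    """Apply the article's rule: drop the 'www' prefix, then prepend 'abuse@'."""
    host = site.strip().lower()
    if host.startswith("www."):
        host = host[4:]
    return "abuse@" + host
```

None of this information is visible in the message body alone, which is why a forwarded phish without its headers is of limited use to the investigator.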


ITS Info is a publication of the Information Technology Services (ITS) department of NAU. Editor: Don Olson. Entire contents copyright © 2009 Northern Arizona University. Some images © 2007 www.clipart.com. Send comments or suggestions to Ask-ITS@nau.edu.

To contact ITS:

Faculty: 928-523-1511
Students: 928-523-9294
Statewide: 888-520-7215

Web Page Contact: ITS-Editor@nau.edu