Information Technology Division
Image of a circle

Phishing Information

Return to Information Security Home

如果你认为你已经落入了网络钓鱼的企图,该怎么办

如果你怀疑你已经落入网络钓鱼企图提供任何大学信息或帐户凭证, or have downloaded suspicious content, please contact your local academic technology team or the IT Service Desk at 973-655-7971, option 1, or by email at itservicedesk@hebhgkq.com 报告事故并获得额外指导.

如果您提供了任何财务或个人身份信息,如银行账户或社会安全号码,这些信息可能被用于身份盗窃, please contact University Police at (973) 655-5222 or msupolice@hebhgkq.com to file a report.

Please Note

如果您使用或提供了您的NetID用户名和密码,以回应网络钓鱼骗局, immediately change your NetID password via the NetID Account Management Center.

What is Phishing?


Phishing is an email, phone call, 或基于短信的攻击,其目的是欺骗收件人提供信息.

然而,潜在的网络钓鱼邮件是一个信息安全问题, only if the recipient has reacted to the attempt by:

      1. 通过电子邮件回复或点击电子邮件中的链接提供任何信息或凭据,并向网页或表单提交信息.
      2. 下载和/或打开电子邮件中的任何附件或下载由于点击电子邮件中的链接而产生的任何文件.
What is SPAM?


SPAM is unsolicited email as related to advertising, service offerings, social or political causes, etc. 垃圾邮件通常不会通过回复或点击链接要求您提供任何信息或要求您提供个人或帐户相关信息. 垃圾邮件可以简单地删除,或者您可以将邮件标记为垃圾邮件在Gmail或在您的首选消息客户端. While it may be annoying to receive, 垃圾邮件通常不被认为是一个信息安全问题 does not need to be reported to the IT Service Desk.
How to Report a Phishing Attempt (GMAIL)


如果您只打开(读取),但没有与上述潜在的网络钓鱼消息交互, 消息不需要报告给IT服务台. 如果您使用的是Gmail,您可以向谷歌报告该消息:
      1. 在查看消息时,单击消息右上方的三个垂直点.
      2. Click “Report phishing”

如果这没有自动从您的收件箱中删除电子邮件,您可以继续删除电子邮件.

If you did interact with the message (i.e. 点击链接,打开附件,或提供信息),请参阅上面的第一部分。如果你认为你已经落入了网络钓鱼的企图,该怎么办“.

Signs of Phishing

  • 可疑的寄件人地址,可能模仿一个合法的业务
  • 通用的问候和签名以及签名块中缺少联系信息
  • 当鼠标悬停在欺骗性超链接和与文本不匹配的网站上时
  • 拼写错误,语法或句子结构差,格式不一致
  • 可疑附件或下载并打开附件的请求
Types of Phishing Attacks

  • Spearphishing:通过包含个人的关键信息来针对个人的网络钓鱼
  • Whaling:针对知名人士窃取敏感和高价值信息的网络钓鱼
  • Vishing:通过语音通信引诱受害者参与对话并建立信任的网络钓鱼
  • Smishing:通过短信让受害者点击链接进行网络钓鱼, download files and applications, or begin a conversation
Tips for Identifying a Phishing Attack

  • Be on the lookout for common signs of phishing
    • Check both the display name AND the email address. 攻击者经常试图分散受害者对虚假电子邮件地址(bob.jones@msu.com) by including a real display name (Bob Jones).
      • 攻击者使用可公开访问的目录信息冒充具有权威的人,例如您的经理或大学校长.
    • Prevalent spelling and grammatical errors. 合法的商业和营销品牌重视沟通,合法的电子邮件通常不会出现拼写错误或语法错误.
    • False information such as department names. 如果你从未听说过“学生注册办公室”,很可能是因为它根本不存在. Check with the campus directory.
    • 通过电子邮件回复或表单提供个人信息或凭据的请求. 所有中央和分布式校园信息技术资源都经过培训,不会要求用户提供个人凭据信息(例如.e. password to your NetID account) nor should you provide it. Ever.
  • Do not trust links in email (or texts)
    • 攻击者通常包含嵌入链接,试图将您重定向到恶意站点. The site could be a form asking for you to enter information, create an account, login using your credentials, etc. There are many different examples, however, they are all designed to steal important information from you.
    • 永远不要相信电子邮件或短信中的嵌入式链接(高亮显示为单词而不是URL/站点地址的文本). Always check the full URL to see if it appears suspicious. Do not open/follow the link if you are not sure.
      • To check the URL of an embedded link (The Hover Over Method):
        • From a computer, move your mouse pointer over a link without clicking. 链接的实际网址应该出现在浏览器窗口的底部或弹出窗口中.
        • From a mobile device running iOS (Apple) or an Android OS,您可以通过用手指或触控笔按下链接来评估嵌入的链接. A pop up dialog should appear and then let go. 对话框应该显示嵌入链接的完整URL和其他选项.
    • A safer approach is to manually type a known website into your browser. For example, if you receive an email purporting to be from your bank, 使用您的浏览器直接输入您的银行地址,而不是点击链接.
  • Do not trust attachments
    • 如果附件出乎意料或具有可疑的名称或文件扩展名, the sender’s account may have been compromised. Call the sender to verify the attachment before opening.
  • 不要拨打陌生发件人的电子邮件中列出的电话号码
    • 参考一个可靠的来源,比如账单,或者直接去公司的网站获取电话号码.
  • Assess the greeting
    • Was the greeting vague such as “Valued Customer”? 拥有你的客户信息的合法企业通常会使用更私人的问候语,包括你的姓和名.
  • Be mindful of the tone
    • 攻击者通常试图制造一种紧迫感,让接收者认为他们必须立即采取行动,这也会分散你对请求合法性的评估.