Malicious e-mails are the most common cyber-attack. There are several different types of malicious e-mails, including: phishing messages, fake job scams, and malicious attachments. Financial scams perpetrated over e-mail are also becoming increasingly common; these scams often target victims with promises of easy to earn money.

How to Protect Yourself

• Be suspicious of unsolicited e-mails, text messages, and phone callers. Use discretion when providing information to unsolicited phone callers, and never provide sensitive personal information via e-mail. If you want to verify a suspicious e-mail, contact the organization directly on a known phone number. Do not call the number provided in the e-mail.

• Only open an email attachment if you are expecting it and know what it contains. Be cautious about container files, such as .zip files, as malicious content could be packed inside.

• Check to see if the website is using https in the address bar. If a website is using http, it is not secure, and you should not enter any information on that website.

• Scammers constantly target individuals by email, but false unsolicited phone calls may also be used. Being wary of any communication that meets any of the above criteria will go a long way towards keeping your information and money safe!

• How do I report a Suspicious, Fraudulent, or Spam e-mail?

  • You can report a suspicious or unsolicited e-mail in Office 365 (web interface or desktop application.) Microsoft uses this information to stop other e-mails and block links in existing e-mails.

    • If you are reporting the e-mail in Outlook on the web, click the ‘Report’ button and click ‘Report Phishing’.

    • If you are reporting the e-mail in the Outlook desktop application, make sure you have the Report Message add-in applied to your account. Select the e-mail you would like to report, click Report Message, and select the category you would like to report the message as.

      • To apply the Report Message add-in, click the Get Add-Ins button on the tool bar, then search for Report Message. Click Add and Continue. After the process of applying the add-in is complete, the Report Message button should appear on the right-hand side of the ribbon.

    • You can report a Suspicious or Fraudulent e-mail to the Information Security Services (ISS) Group by taking one of these actions:

      • Forwarding the e-mail to abuse@okstate.edu or

      • Completing the Report a Suspicious or Fraudulent E-Mail

    • You can report a Spam e-mail to to the Information Security Services (ISS) Group by taking one of these actions:

      • Forwarding the e-mail to abuse@okstate.edu or

      • Completing the Reporting Spam E-mail

  • You can report an e-mail to the IT Helpdesk by composing a new e-mail message addressed to helpdesk@okstate.edu and dragging the suspicious or unsolicited e-mail to the new e-mail message; this method will allow the suspicious e-mail to be added as an attachment in the new mail item. You may also forward the suspicious e-mail to helpdesk@okstate.edu.

• What is a Phishing Message?

  A phishing message is a type of social engineering technique used as a fraudulent attempt to obtain sensitive information from a user. Information usually gathered includes login credentials, personal identifying information or even credit or bank information. Phishing usually is in the form of an e-mail, SMS (text message) or phone call.

• What is a Job Scam?

  A Job Scam is usually conducted via e-mail. The e-mail looks like the user is being offered a job. Sometimes they will look as if they come from a legitimate job site, other times it will be a simple job offer. Be wary of unsolicited job offers.

• What is a Malicious Attachment?

  Malicious e-mail or messages usually contain a link or a document for the user to visit or open. Then the user’s computer is infected with some type of malware that can steal sensitive information or cause havoc on the user’s system. Ransomware is common malware used to lock a user out of their system unless they pay the attacker money.

• What are characteristics of Malicious E-Mails?

  • An e-mail appears to be sent from a well-known company asking a user to verify their information because they suspect the user may be a victim to identify theft or an account compromise.

  • An e-mail with a link asking a user to provide their login credentials to a website from which the user receives legitimate services, such as a bank, credit card company, or even your employer.

  • A text message that asks you to call a number to confirm a ‘suspicious purchase’ on your credit card.

  • An unsolicited e-mail containing a link to a website or a document to download.

  • Spelling and grammar errors throughout the message.

  • Sentences in all caps/uppercase letters. Trying to grab the user’s attention that legal action will be taken if the user does not comply. This is a scare tactic.

• What is a Financial Scam?

  • Common types of financial schemes involve convincing you to pay money for some reason or another. The scam could claim to be in response to a tax audit or police investigation. They could also indicate you ‘won’ a prize, but need to pay a fee upfront before you can claim the prize.

  • Another type of financial scam involves the collection of personally identifiable information (PII), such as a Social Security Number (SSN) or birthday. Victims may end up experiencing financial loss and negative impacts to their credit scores.

  • Fraudulent job offers are also routinely used in financial scam e-mails. These e-mails often offer an unsolicited part time job opportunity. Victims who respond are usually asked to participate in some activity which ends up leaving them responsible for a financial loss.

• What is a Gift Card Scam?

  Recently, there has been an increase in the number of gift card scam e-mails received by our users. Numerous employees and students have been scammed out of personal and university funds by these e-mails. Recipients who respond to the initial e-mail and indicate they are available, usually receive a response from the same e-mail address. The response will indicate the sender is in a meeting, but they need an urgent task taken care of quickly. If the recipient responds and indicates they can help with the tasks, the sender usually responds and asks for the recipient to purchase a gift cards from an off-campus sotre as soon as possible with a promise to be paid back. If the original recipient agrees to purchase the gift cards, they are usually directed to reveal the redemption code on the back of the card and take pictures of the code. They are asked to send this picture to the original sender, who will resell the code to another party. After they have the codes, the original sender may continue to ask for more codes or abruptly stop contact.

• What are common factors in Gift Card Scams?

  A significant portion of the gift card scam e-mails received by OSU contain these common factors:

  • The e-mails appear to be sent from a supervisor or other person in authority. Common examples include supervisors, managers, directors, department heads, deans, and vice presidents. This person’s name is usually displayed as the sender.

  • While the sender appears to be from an OSU employee, the e-mail address will be from a non-OSU e-mail address. For example, the e-mail address may be similar to pete.okstate.edu@gmail.com. The @gmail.com e-mail domain indicates this is not an OSU e-mail address.

  • The e-mail subject is usually very short and asks if the recipient is available. For example, the subject like ‘Available?’ is commonly seen.

  The e-mail message is also usually very short and asks if the recipient is available for a quick task. Several of these messages are written in all lower case and also appear like they were written in a hurry.