What is Phishing

Phishing scams are fraudulent emails that attempt to trick you.

Below are several phishing campaigns run by the IT department to educate faculty and staff on how to recognize and defend against phishing attacks.

Campaign 12.14.2017

Email Sent

Campaign 1

Campaign 1.9.2018

Email Sent

Campaign 2

Campaign 2.6.2018

Email Sent

Campaign 3

Campaign 2.27.2018

Email Sent

Campaign 4

Campaign 3.15.2018

In this campaign, there are several ways to verify the safety of the content contained within the email.  First refer to Campaign 12.14.17 to verify links are safe to click on within the email.

If you clicked the malicious link this campaign took you to what appears to look like a Google login screen.  However, there are two ways you can tell that this is not really Google's website.  First, if you look closely at the URL and you will notice that this is not something Google would do. (insert URL Image) Secondly, this webpage is lacking a lockpad to verify that the connection is secure.

These are examples of what to look for when a connection is insecure. (Insert browsers without lockpads)

A secure connection will have a lockpad to signal the connection is secure and your password will be safe in transmission. However, please note that attackers can use a secure connection to give you a false sense of security.  Make sure to verify the URL is legitimate.  When it doubt ask!

These are examples of what to look for when a connection is secure. (insert browsers with lockpads)

Campaign 5

Campaign 5

Campaign 4.17.2018

Email Sent

Campaign 6

Campaign 5.8.2018

This campaign was designed to be more memorable by rather than listing a phishing test page, we mimicked a cliché malicious site. The email was designed to appear to be from a trusted payment company and require a login. At the point of login, credentials were asked for and then the website would redirect to a pseudo-malicious site. Phishing attacks such as these can be prevented by recognizing purchase history and manually checking links listed in emails. As the login page that appeared to be for southern, was actually not hosted on the correct link.

Campaign 7

Campaign 7

How to report Phishing Scams

Forward the message to phish@southern.edu

Call the IT HelpDesk at 423.236.2707