Spear-Phishing Email Targets Oberlin College

April 30, 2019 10:00 AM

Center for Information Technology

Have you recently received an email message that resembles the one shown below?

From: Jane Doe <jdoe@oberlin.edu>
Date: Wed, Sep 7, 2019 at 1:32 PM
Subject: Jane sent you a document

Jane Doe
sent you some files


Files (12.1 MB total)
Document..Zip (1 of 1).jpg

Will be deleted on 
10 September, 2016
Get more out of Dropbox, get Plus

BEWARE!  This is a "Phishing" Message!  DO NOT CLICK ON THE ENCLOSED LINKS!

Phishing is defined by the US Computer Emergency Readiness Team (US-CERT) as "...an attempt by an individual or group to solicit personal information from unsuspecting users by employing social engineering techniques. Phishing emails are crafted to appear as if they have been sent from a legitimate organization or known individual. These emails often attempt to entice users to click on a link that will take the user to a fraudulent website that appears legitimate. The user then may be asked to provide personal information such as account usernames and passwords that can further expose them to future compromises. Additionally, these fraudulent websites may contain malicious code."

The Dangers of Phishing Messages

These "phishing" messages often increase in volume and frequency at various times during the year.  Spammers send them in an attempt to get you to divulge personal information which can they be exploited, mainly to steal money, steal your identity, or otherwise perform some malicious activity.

What can they do with your Oberlin College email account?

  • Use your email account to send harmful phishing messages to people in your address book 
  • Modify your Oberlin web site (if you have one) to spread infectious files to visitors
  • Attempt to log into restricted Library reference material, costing Oberlin access fees
  • Attempt to access other College systems, such as Blackboard

Identifying Phishing Messages

There are some telltale signs that can help you determine whether a message was sent by Oberlin College CIT, HR, or other legitimate organization, or by a spammer hoping to steal your confidential information. 

  • If you notice poor grammar, spelling, or punctuation, the message may be coming from a spammer.
  • If the message tells you to respond or click on a link or something dire will happen, such as your account will be deleted, or you will not get the forms you need, the message is likely from a spammer.
  • If links are included in the message and you do not ask for them, the message is likely from a spammer.
  • If the message is not signed by an actual person, such as Jacquelynn Gaines, CIT Communications Manager, but is instead signed by a generic positional name, such as Administrator, Admin, HR, Account Manager, The Oberlin Team, Ebay Admin, Bank Administrator, etc., then the message is very likely from a spammer.

Identifying Fraudulent Websites

If you do not read the phishing message closely, you may click on a link without thinking. But it's not too late! There are also some signs to look for on fraudulent webpages to help you identify a scam before you enter your username and password.

What To Do With Phishing Messages

Oberlin College CIT will never ask you for your password or email credentials in an email.  Neither will other legitimate organizations.  If you think a message looks "phishy", you are probably right to be suspicious.

There is little anyone can do in advance to block all phishing messages from reaching your inbox. If you've received a phishing message, staff members within CIT have likely also received it and are aware of the problem. Thus, there's no need to forward the messages to us. The best course of action you can take is to change your ObieID password immediately and click the "Report spam" button in OCMail (it looks like a stop sign with an exclamation point on it) to alert Google about the message and to help them refine their spam filtering capabilities. 

Also, remain aware of potential phishing messages.  Don't divulge personal information and don't click on links in unsolicited email.