Phishing / Spam Emails
Detection and response protocol
Product: Gmail
Audience: All Staff
Overview
Quick tips on how to identify Phishing and/or Spam emails and what to do about them
Tools/Equipment Needed
Web Browser, Phish Alert Button, Gmail Spam Report Button
What to look for in potentially harmful email
- Do you know the sender? Make sure to check the actual email address of the sender.
- Are there any hyperlinks in the content of the email? Is this something you expected? You can hover over the link to see the true destination address. If you do not recognize the destination, we advise caution before clicking.
- Are there any attachments? Are you expecting this attachment? If not, we advise caution before downloading.
- Is this a “Share” email from Google Drive, Dropbox, or Microsoft SharePoint? Many phishers use trusted share sites to mask their attempts. If you were not expecting any of these shares, we advise caution. As a rule, Corvallis School District only supports the use of Google Drive for cloud sharing.
Just Spam? Or is it Phishing?
| | Spam Emails | Phishing Email |
| --- | --- | --- |
| What to do | In Gmail, use the Report Spam button. This will send messages from this sender to your Spam folder in the future. | Use the Phishing Alert Button to report a phishing attempt. This will forward the message to Technology Services to review the message and take any necessary action. |
- Reach out to your SPOC if you suspect a message is a phishing attempt but are unsure.
- Instead of clicking on a phishy link, use reliable sources such as the Human Resources page of the CSD Website.
How to avoid being tricked by phishing*
- Always be suspicious of any message that requests you to click a link or open an attachment.
- Spoofed hyperlinks – if you can hover your mouse over the link, the destination displayed in the preview might be completely different than the destination displayed in the message.
- Double-check to ensure that the link will take you to where it says it will.
- When you are suspicious, try opening a new browser tab and navigating to the destination without clicking the link.
- Be cautious of any message communicating a sense of urgency or dire consequences should you fail to take immediate action.
- If you are concerned about a message, contact the person (your SPOC or Technology Services) using a different, validated method, such as a phone number you already had or the ‘Contact Us’ information on the organization’s website. Never use the links or contact information in the message you are concerned about.
- Be careful not to provide personal or sensitive information in response to a message.
*Suggestions adapted from National Institute of Standards and Technology
Phishing Victims
If you have been a victim of phishing and clicked an embedded link or entered personal data, please follow our Phishing Protocol and contact your building SPOC immediately.