Identifying Phishing Attempts

Documentation

At the HelpDesk, and throughout campus, there has been an influx of phishing attempts on NMU accounts. In response, we would like to get the word out to the NMU community about ways to tell if you are looking at a possible phishing attempt. Our friends over at James Madison University (jmu.edu) came up with a great rule of thumb for when you are faced with a possible attempt to gather personal information. They suggest “counting the periods.” This means you look at the link, count back two periods from the first slash after “http://”, and note the two sections between the second period and the slash. What you are looking at is called the domain of the site or e-mail address.

We hope that you are able to take this information and use it beyond your time here at NMU to continue to keep your personal information safe. Remember that Northern Michigan University, your bank, your financial advisors, and any other person or organization that deals with personal information will typically NOT ask for your information via e-mail including but not limited to: your password or your unique identifier (NMUIN, Member Number, Social Security Number, etc.).  If you ever receive a message asking for personal information it is safe practice to contact the support group for that organization. It’s always better to be safe and ask.

 

Knowing Trusted Domains

http://www.nmu.edu/ - Here we count back two periods from that first slash after "http://" and we see "nmu.edu" which is the standard domain for an NMU site. 

 

 

https://mynmu.nmu.edu/ - Again, if we count back two periods from the slash we see "nmu.edu."

 

http://educat.nmu.edu - This one doesn't have a slash, so now what? Count your two periods back from the end of the address as if there were a slash and note the domain, in this case, "nmu.edu."

 

myuser.nmu.edu - This one doesn't have an 'http' or a slash! Follow the same guideline as the last example and you'll see the "nmu.edu" domain. 


 

Identifying Untrustworthy Domains

We recently received a phishing attempt on campus from http://mailnmuedu.webs/com, which is NOT a trusted NMU site and should NOT be followed or clicked.

 

  • Counting the periods here shows us that this is not an nmu.edu site. 
  • If a link just says "Click Here" or you can't see the URL or domain, just hover over without clicking the link and a link description will appear. You can count the periods here.
  • If an email ends in anything other than @nmu.edu or @mes.nmu.edu, chances are it's NOT from a trusted Northern Michigan University account, though we do use a few third-party systems in some departments.
  • If you aren't sure, feel free to ask a coworker or contact the HelpDesk.
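
The "counting the periods" rule above, written out as a short Python script. This is an added example, not NMU's or JMU's own code; the function names and the sample lines marked "constructed" are made up for illustration.

```python
import re
from urllib.parse import urlsplit

TRUSTED_LINK_DOMAINS = {"nmu.edu"}                   # domain named on this page
TRUSTED_SENDER_DOMAINS = {"nmu.edu", "mes.nmu.edu"}  # endings named on this page


def counted_domain(link):
    """Return the last two period-separated sections of the link's host."""
    link = link.strip()
    # The URL parser only finds the host when a scheme is present, so add one
    # for bare addresses such as "myuser.nmu.edu".
    if not re.match(r"[A-Za-z][A-Za-z0-9+.-]*://", link):
        link = "http://" + link
    try:
        host = urlsplit(link).hostname or ""   # drops any user@ prefix, port, path
    except ValueError:
        return ""                              # unparseable link: treat as untrusted
    labels = [part for part in host.lower().split(".") if part]
    # Two sections is the page's rule and fits .edu; it does not fit suffixes
    # that are themselves two sections long (for example .co.uk).
    return ".".join(labels[-2:])


def is_trusted_link(link):
    return counted_domain(link) in TRUSTED_LINK_DOMAINS


def sender_is_nmu(address):
    """True only when the text after the last '@' is exactly a listed domain."""
    address = address.strip().rstrip(">")
    if "@" not in address:
        return False
    return address.rpartition("@")[2].lower() in TRUSTED_SENDER_DOMAINS


if __name__ == "__main__":
    samples = [
        "http://www.nmu.edu/", "https://mynmu.nmu.edu/",   # from this page
        "http://educat.nmu.edu", "myuser.nmu.edu",         # from this page
        "http://mailnmuedu.webs/com",                      # from this page
        "http://nmu.edu.account-check.example/login",      # constructed
    ]
    for link in samples:
        verdict = "trusted" if is_trusted_link(link) else "NOT trusted"
        print(f"{link:45} -> {counted_domain(link):24} {verdict}")
    print(sender_is_nmu("HelpDesk <helpdesk@nmu.edu>"))    # constructed
```

A matching sender ending is only a first check, because the "From" line of a message can be forged.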

 


Identifying and Limiting Spam


Here are some tips to help you identify if an email is spam:

  • Northern will NEVER ask you for any personal information such as your NMU password or Social Security Number through an email. In fact, NMU will NEVER ask for your password, no matter the circumstance.
  • To be safe, never send any personal information over email. Over the phone is better, but in person is always the way to go.
  • Never enter your information on a pop-up screen.
  • To verify whether links in an email are legitimate, move your cursor over the link to view the address used in the link. If it doesn't appear to match what the message is about, don't click on it. If you are still not sure if it is legitimate, contact the place of business to see if they sent it to you.
  • If the email address ends in something you do not recognize, don't trust it. If the email says that it is coming from the "Helpdesk" then it would come from helpdesk@nmu.edu. If it is coming from another email address, it is most likely spam. You can get more information on this on our phishing attempts page.
  • The message contains a fuzzy or illegitimate logo.
  • The message shows the sender on behalf of someone, such as NMU, but does not have a legitimate NMU email address.
  • The message requires you to enter a password.
  • The message requires you to download a file.
  • You may get emails about verifying your account or to take action quickly with a link for you to enter your information. Ignore and delete this type of email.

To avoid getting more spam emails:

  • Do not sign up for services or use your email on sites that you do not trust.
  • Unsubscribe from messages by looking at the bottom of the email for a button or link that says "unsubscribe".
  • Change your NMU email spam settings in myuser.nmu.edu/user by following our instructions.

If you clicked a link you don't trust or shouldn't have and entered your information:

  1. If you entered your password after clicking the link, go to myuser.nmu.edu/user immediately to change your password.
  2. If you downloaded or saved anything from an illegitimate email, open your "Downloads" folder by opening Windows Explorer and selecting "Downloads" on the left-hand side of that screen.
  3. After you delete the item from your Downloads folder, empty your Recycle Bin as well so that it will no longer be on your computer.

Account Lockout Types


NMU users can be locked out of their NMU account (MyUser, MyNMU, Webmail, etc.) for various reasons, as listed below. Some of these lockouts can be fixed by the user, but many of the account lockout types will need the assistance of the Helpdesk to unlock. While locked out, a user will be unable to access most account services and will not have network access.

  1. Copyright Violation - When a user is caught illegally downloading music, games, movies, or anything else defined as illegal in the Acceptable Use Policy, this type of lockout can occur. NMU will contact the user's email address, and then the user will have to come to the Helpdesk after his or her second offense to have a full-time staff member unlock the account. The user will also need to sign a waiver for the copyright violation. You can review the copyright violation system here.
  2. Password Recovery - If a user has forgotten his or her password and was unable to answer their challenge question through the password recovery system, the account will be locked and the user will need to come to the Helpdesk with photo identification. 
  3. Virus Lockout - If a user has a device registered to his or her account that is infected with a virus, the user will be deregistered and will have to come to the Helpdesk for virus scans and to get the account unlocked. 
  4. Spam/Compromised Account Lockout - If a user's account is locked due to spam, or is identified in other ways as a compromised account, the account will be locked and the user will be unable to access email and other account services. The user should be able to log into MyUser to change his or her password and unlock the account. If not, the user will have to visit the Helpdesk to have the account unlocked.