SCAMALOT! Part VI

Posted June 7th, 2017 at 2:29 pm.

Welcome to a special edition of SCAMALOT! In this post, we change course from our usual mission of providing tips and tricks for recognizing phishing attacks to learn how to assess automated emails you’ll encounter in your inbox.

At times, you will receive automated messages from Bryn Mawr College or Bi-College software, like the password reset web site. These messages may be less personalized and come from an address that does not belong to an individual (e.g. help@brynmawr.edu, accounts@haverford.edu), which may make them look suspicious at first glance.

While it’s much better to be overly cautious than too trusting when navigating your inbox, it’s good to know that not every message that contains suspicious elements or lacks certain information is a phishing email. This post will examine a legitimate email that may seem dubious to some — the password expiry notification email.

After reading this post, you’ll be better equipped to approach various types of automated emails with confidence!

Password Expiry Email

accounts@haverford.edu? What is this?

Sample question: “Not only is this email coming from a Haverford address, but it’s not even coming from a real person. Who is accounts@haverford.edu?!”

Bi-Co Password email header

This is a valid question! Bryn Mawr College and Haverford manage some account access jointly. Password expiry emails are sent from Haverford to both BMC and HC folks when their passwords will expire soon.

The email includes contact info for Bi-Co community members to utilize if they have questions regarding the legitimacy of the message.

PW Expiry contact info

Also, at the bottom of the email, you’ll notice that it is indeed signed by a HC staff member and a BMC staff member.

PW signature

The password expiry notification email is very good about providing ways to verify its authenticity; however, not all automated emails you receive from BMC or Bi-Co software will provide this information. The most effective way to determine if any message is legitimate is to contact the sender through a channel you already know and trust, such as a phone number or email address from the College directory, rather than the contact details printed in the message itself (a phisher will happily supply their own). If the email is not signed by an individual sender, utilize the Faculty/Staff directory to contact someone from within the relevant department: http://www.brynmawr.edu/find/facultystaff/. The Help Desk can also help verify the legitimacy of messages.

Important to remember: just because a message says it comes from a BMC, Haverford, or other familiar domain doesn't mean it's legitimate! The "From" address is simply text the sender fills in, and it can be forged; only the checks your mail server performs on arrival (and an out-of-band call to the sender) can actually confirm who sent a message.
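To make that point concrete, here is an added example (not code from the original post or from the College) that reads the headers a receiving mail server adds and compares them with the "From" line the sender wrote. It assumes the server records its SPF, DKIM and DMARC verdicts in a standard Authentication-Results header; the two messages are constructed samples, not real Bi-Co mail, and the mail server name in them is made up.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# College domains the checker treats as expected senders (assumption drawn
# from the post; a real deployment would keep its own list).
TRUSTED_DOMAINS = ("brynmawr.edu", "haverford.edu")


def domain_of(header_value):
    """Lower-cased domain of the address in a From or Return-Path header."""
    _, addr = parseaddr(str(header_value) if header_value else "")
    return addr.rpartition("@")[2].lower()


def parse_auth_results(header_value):
    """Extract spf/dkim/dmarc verdicts from an Authentication-Results header
    (the RFC 8601 format a receiving mail server adds on delivery)."""
    verdicts = {}
    for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header_value or "", re.I):
        verdicts[method.lower()] = result.lower()
    return verdicts


def triage_sender(raw_message):
    """Compare what the message claims (From) with what the mail server
    verified (envelope sender and authentication results)."""
    msg = message_from_string(raw_message, policy=policy.default)
    from_domain = domain_of(msg["From"])
    envelope_domain = domain_of(msg["Return-Path"])
    auth = parse_auth_results(
        " ".join(str(h) for h in msg.get_all("Authentication-Results", []))
    )

    findings = []
    if from_domain not in TRUSTED_DOMAINS:
        findings.append(f"From domain {from_domain!r} is not a College domain")
    if envelope_domain and envelope_domain != from_domain:
        findings.append(f"envelope sender {envelope_domain!r} differs from From domain {from_domain!r}")
    if not auth:
        findings.append("no Authentication-Results header; sender could not be verified")
    for method in ("spf", "dkim", "dmarc"):
        if method in auth and auth[method] != "pass":
            findings.append(f"{method} result is {auth[method]!r}")
    return {"from_domain": from_domain, "envelope_domain": envelope_domain,
            "auth": auth, "findings": findings}


# Constructed sample messages (not real Bi-Co mail; mx.example.edu is a
# made-up server name). Both show the same From address; only the headers
# the receiving server added tell them apart.
SPOOFED_EML = """\
Return-Path: <bounce@mail-example.test>
Authentication-Results: mx.example.edu;
 spf=fail smtp.mailfrom=mail-example.test;
 dkim=none;
 dmarc=fail header.from=haverford.edu
From: "Bi-Co Accounts" <accounts@haverford.edu>
To: student@brynmawr.edu
Subject: Verify your account within 24 hours or it will be deleted!

Click here now to keep your account.
"""

GENUINE_EML = """\
Return-Path: <accounts@haverford.edu>
Authentication-Results: mx.example.edu;
 spf=pass smtp.mailfrom=haverford.edu;
 dkim=pass header.d=haverford.edu;
 dmarc=pass header.from=haverford.edu
From: "Bi-Co Accounts" <accounts@haverford.edu>
To: student@brynmawr.edu
Subject: Your Bi-Co password will expire soon

Please change your password at your earliest convenience.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED_EML), ("genuine", GENUINE_EML)):
        result = triage_sender(raw)
        print(label, result["auth"], result["findings"] or ["no problems found"])
```

In most mail clients you can see these headers through a "view source" or "show original" option; if the DMARC result for a College domain is anything but pass, or the envelope sender belongs to some unrelated domain, treat the message as suspect no matter what the From line says.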

Why is it directing me to a Haverford URL?

Sample question: “The email is telling me to go to a Haverford website to change my password. That seems very phishy to me.”

This is another valid point. Because the two colleges share one password management system, there is a single web site for it, currently hosted by Haverford. The email mentions this:

PW Expiry 1

If you visit either password.brynmawr.edu or accounts.haverford.edu, you land on the exact same page: https://idm.haverford.edu/identity/self-service/bico/kiosk.jsf

password.brynmawr.edu and accounts.haverford.edu use what's known as URL redirection: the short address simply forwards your browser to the real application, which lets the colleges publish easy-to-remember web addresses that keep working even if the full URL changes when the software changes. A good habit after any redirect is to glance at the address bar and confirm that you ended up on an https:// page at a brynmawr.edu or haverford.edu host before typing a password.

Consider the purpose (and tone) of the message

Before taking any action, always stop to analyze the purpose and tone of the message. Consider what the message is trying to convey. Is the message purely informational, or is it urging you to log in to a website or open an attachment? A message that is purely informational and asks for no action or input from you is far less likely to be phishing, since the attacker gains nothing unless you do something; the risk lives in the links, attachments, and requests.

Phishing messages will often create a sense of urgency to convince you to take action or face consequences (e.g. "Verify your account within 24 hours or your account will be deleted!"). Notice that the password expiry notification email does not contain threatening language, but rather advises the recipient to change their password at their earliest convenience.

PW Expiry earliest convenience

Approach any message that asks you to open an attachment or click on a link with extreme caution. Criminals can easily make a link look real: the text you see can read like a familiar College address while the link itself goes to a fake login page where they can steal your sensitive information. Hovering over a link (without clicking) reveals its true destination, but the safer habit is to type known, trusted URLs into your browser rather than clicking on links within emails. Automated emails sent from College/Bi-Co software, such as the password expiry notification, will usually advise you to type in the URL of the password reset page.
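The mismatch between what a link shows and where it goes can be checked mechanically. The following is an added example, not code from the original post or from the College: it pulls every link out of an HTML email body, compares the address shown in the link text with the real destination, and flags destinations that are not https or not on a College domain. The sample body is constructed; its first link is the post's own legitimate redirect case (text says password.brynmawr.edu, destination is the idm.haverford.edu page), the second is a look-alike host that merely begins with a College name, and the last-two-labels domain rule is a simplifying assumption that is fine for .edu but not for every top-level domain.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# College domains the checker treats as legitimate destinations (assumption
# drawn from the post; a real deployment would maintain its own allow-list).
TRUSTED_DOMAINS = ("brynmawr.edu", "haverford.edu")


def registrable_domain(host):
    """Last two labels of a hostname ('idm.haverford.edu' -> 'haverford.edu').

    Good enough for .edu; a real tool would consult the Public Suffix List so
    that hosts under ccTLDs such as .co.uk are handled correctly (assumption).
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def hostname_in_text(text):
    """Hostname the link *text* appears to show, or '' if it is not URL-like."""
    candidate = text.strip()
    if "://" not in candidate:
        candidate = "https://" + candidate
    host = urlparse(candidate).hostname or ""
    return host if "." in host and " " not in host else ""


class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def check_links(html_body):
    """Assess every link in an email body; returns one dict per link."""
    collector = LinkCollector()
    collector.feed(html_body)
    results = []
    for text, href in collector.links:
        target = urlparse(href)
        host = (target.hostname or "").lower()
        shown = hostname_in_text(text)
        results.append({
            "text": text,
            "href": href,
            "host": host,
            "https": target.scheme == "https",
            "trusted": bool(host) and registrable_domain(host) in TRUSTED_DOMAINS,
            # The visible address and the real destination differ. That is
            # normal for a College redirect such as password.brynmawr.edu, but
            # combined with an untrusted host it is the classic spoofed link.
            "text_differs": bool(shown) and shown != host,
        })
    return results


def suspicious_links(html_body):
    """Links a recipient should not click without verifying out of band."""
    return [r for r in check_links(html_body) if not (r["trusted"] and r["https"])]


# Constructed sample body (not a real Bi-Co message). evil-example.test is a
# made-up attacker host.
SAMPLE_HTML = """
<p>Your Bi-Co password will expire soon. Change it at your earliest convenience at
<a href="https://idm.haverford.edu/identity/self-service/bico/kiosk.jsf">password.brynmawr.edu</a>.</p>
<p>Trouble? <a href="http://password.brynmawr.edu.evil-example.test/login">https://password.brynmawr.edu</a></p>
<p>Questions? <a href="https://www.brynmawr.edu/find/facultystaff/">Faculty/Staff directory</a></p>
"""

if __name__ == "__main__":
    for r in check_links(SAMPLE_HTML):
        status = "OK " if r["trusted"] and r["https"] else "BAD"
        print(f"{status} {r['text']!r} -> {r['host']} "
              f"(https={r['https']}, text_differs={r['text_differs']})")
```

Note what the look-alike case teaches: a hostname that starts with password.brynmawr.edu is not a College host unless brynmawr.edu is the end of it, which is exactly why the checker compares the registrable domain rather than searching the address for a familiar name.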

Know your role!

Be aware of College policies and processes as they pertain to your role on campus. You should expect regular emails notifying you when your Bi-Co password is scheduled to expire. If you receive an email requesting that you change your College password and you’re suspicious, contact the Help Desk.

That’s it for this edition of SCAMALOT! Learn more about how to recognize scams by completing the College’s Information Security Education Program: http://lits.blogs.brynmawr.edu/7100

Contact the Help Desk with any questions (x7440, help@brynmawr.edu). Again, you are welcome to call if you’d like help determining the legitimacy of a message.


Filed under: Email, Information Security, Office 365 Online. By Andrew Mantuano
