Body
You entered credential information into a site from a GVSU phishing email
Don't worry, your network credentials have not been compromised as this was only a test internal to GVSU.
The GVSU Phishing Assessment Program is a part of the annual cybersecurity training helping GVSU gauge the awareness around identifying phishing emails. Our goal is to be 5% or less for response rates on GVSU employees clicking on phishing emails. Please use this as additional training to better prepare yourself for phishing emails. Follow up questions can be emailed to Security Awareness Training at sat@gvsu.edu.
If this would have been a real phishing email, the hackers would have infiltrated your email account and would soon be sending spam from the account, which could result in the account being blocked, as well as using your GVSU credentials to access GVSU information and potentially other personal accounts that may use the same password.
The most recent GVSU phishing email is shown below with the areas highlighted that are clues to help you understand what to look for in identifying phishing emails.
If you are unsure about the validity of any email, forward the email to the IT Helpdesk at phishing@gvsu.edu for evaluation.
GVSU Phishing Email Sample
From Address
CAUTION REGARDING THE FROM ADDRESS
Even though the email appeared to come from emailsec@gvsu.edu, this could have been a spoofed email address or the GVSU account that sent the email may have already been compromised. Even though it looks like the email is from a legitimate source, you should always be extremely careful when clicking unknown links and entering your password on unknown sites.
Clue 1
DESCRIPTION OF CLUE 1
The word suspicious is misspelled. Be on the lookout for misspellings and other grammar mistakes within phishing messages.
Clue 2
DESCRIPTION OF CLUE 2
The word browser is misspelled. Once again, be on the lookout for misspellings and other grammar mistakes within phishing messages.
Clue 3
DESCRIPTION OF CLUE 3
Unusual location gives a sense of urgency. Phishing emails usually trick recipients by making them respond quickly without thinking through the consequences of falling victim to a phishing attack. When in doubt, contact the IT Helpdesk.
Clue 4
DESCRIPTION OF CLUE 4
Both sentences are missing words. This is a clue that the email may not be legitimate and likely a phishing email.
Clue 5
DESCRIPTION OF CLUE 5
When reviewing an email you should use your mouse or trackpad to hover over a link. When you hover over the here link in the above email, you will notice the URL points to gvsuedu.site. This is a clear clue the link and email is not legitimate, and this is likely a phishing email.
Clue 6
DESCRIPTION OF CLUE 6
Once again, when reviewing an email, you should use your mouse or trackpad to hover over a link. When you hover over the https://gvsu.edu/it link in the email above, you'll notice the URL points to gvsuedu.site. This is a clear clue the link and email is not legitimate, and this is likely a phishing email.
Clue 7
DESCRIPTION OF CLUE 7
The URL that appears once you click on the links in the email message points to gvsuedu.site. This is a clear clue the URL is not a valid GVSU URL and is most likely a phishing email.