Avoid the PHISH Safe Computing

  • NEVER send your Ship username and password in an email
  • NEVER click on a link within an email until you verify the destination is valid
  • NEVER download files or open attachments in emails from unknown senders (In fact, it is best to open attachments only when you are expecting them and know what they contain, even if you know the sender)
  • NEVER email personal or financial information, even if you are close with the recipient (You never know who may gain access to your email account, or to the person's account to whom you are emailing)

Scam e-mail messages continue to be sent to Ship e-mail accounts requesting username and password information. These fraudulent hoaxes are called spear phishing. Spear phishers aim their attacks at many higher education institutions and often change their tactics to stay ahead of spam filters. These attackers pose as official Ship IT support personnel and request that you send them your username and password. Spear phishing e-mails are disguised to appear legitimate, but the reply-to address is not a Ship email address and the website address in the message does not direct you to a Ship website. If you receive an e-mail requesting your username and password, DO NOT follow the instructions. Just delete the message without response.

Shippensburg University will NEVER send out email messages asking you to provide your email/username and password. If you have responded to any such request, please visit https://password.ship.edu, change your password immediately, and contact the Help Desk.

Simple Phishing Protection Pointers

  • Check who is actually sending you the email.  STOP and carefully look at the "From:" field.  Often (but not always) the display name on the email has been spoofed to look like it is from an official 'Ship' sender or someone you actually know, but the actual email address is easily indentifiable as being bogus or from someone you do not know.
    • Sometimes even this can be spoofed or your friend/colleague's email has actually been compromised and is now sending you spam/phishing attacks.
    • PLEASE consider carefully who the email 'appears' to be sent from and why that sender would ever send you a link or attachment asking you to enter your credential information/username/password via an email.
       
  • You can also check the "To:" field when replying to a message.  The reply-to address may be different that the "From" address of the original message.  Make sure the reply-to address is an address you recognize.
     
  • ALWAYS hover your mouse over links in email or webpages to check their real destination before clicking on them.  (Note:  When you mouse over links in Outlook Web Access, all links will start with https://mail.ship.edu/owa/redir.asx.  Refer to the end of the URL string to verify link legitimacy.  This example below is from a phishing email message.  Notice the hostname is "host-ed.net".)Phishing 
     
  • You are your best protection.  Listen to your instincts.  If the email message looks suspicious or contains bad grammar, the website looks different from standard Ship websites, or the email/link/attachment is requesting you to enter ANY personal information/username/password, it is likely a phishing attempt.
     
  • If you EVER have the slightest question about the legitimacy of an email message, contact the Ship Help Desk at 717-477-4357 or helpdesk@ship.edu.
     

Phishing Email Examples

  • Fraudulent Username/Password Request via Email Reply [PDF]
  • Fraudulent Email Account confirmation request via Web Link [PDF]
  • Fraudulent Mail Quota Limit & Email Re-validation via Email Reply [PDF]
  • Fraudulent Outlook Web Access website [PDF]