January 2025 Security Topic - Reporting Phishing Emails

A phish is an unsolicited email with a request for action or information. These emails are usually sent by financially motivated criminals to perpetuate various types of fraud. Phishing is low cost using freely available services and easy to perform with little technical knowledge required.

There is a very low risk of getting caught by law enforcement and activities occur across international boundaries. Phishing is easy, low risk and low cost. It’s the perfect criminal activity. That is why we see so much of it.

While there are many cybersecurity tools designed to prevent phishing activity, there is always a way around them. One of the most important ways that email security works is by considering the trust worthiness of systems on the internet sending email messages. Over time systems sending too many phishing messages may be widely blocked.

There are several popular techniques for avoiding these blocks. The first involves using commercial email services such as Gmail or iCloud Mail. Phishers can create an unlimited number of new accounts on those services at no cost and deliver as many phishing messages as they like. Cybersecurity tools will then identify Gmail as an untrustworthy sender, and it can be blocked.

Yet while services like Gmail are commonly used to commit fraud, they cannot be blocked entirely because there are also large numbers of legitimate users in the service as well. Users expect that these common services will not be blocked regardless of the amount of fraudulent activity they enable.

The second technique involves compromising an organization. There are huge numbers of organizations in the world doing business on the internet. Unfortunately, not all of them are operating securely and they are susceptible to having their services taken over. Once their email services have been hijacked, phishers can begin sending large numbers of trusted emails all over the world.

Up until the compromise, the organization’s email system was trusted by everyone, and phishers can use that trust to ensure the delivery of their fraudulent emails. Cybersecurity tools evaluate trust worthiness and that is how they can be defeated.

These two techniques above work in harmony with one another. The phisher may first use Gmail to compromise a business, and then use the business to compromise others. All this activity builds towards new frauds of greater and greater impact. It leads to text messages on personal phones, phone calls to family members, various types of identity theft and additional targeting from criminals. Once the ball is rolling, criminals have a much easier time getting a financial return for their time.

Often people think of these incidents as independent, one-time events. The reality, however, is that phishers often string together their activities over time and build towards achieving their objectives.

One way that SUNY Brockport combats this is with user reporting. When users report an email using our campus reporting process, our email security automatically begins lowering the trust worthiness of an email sender. If enough people report, the system will automatically declare that a sender is untrustworthy and begin blocking them.

This makes user reporting a powerful and effective technique for halting the spread of phishing messages, regardless of the techniques criminals use to evade various cybersecurity tools. This means that they also must evade all the people on our campus.

In the last 30 days, we have received over 600 user reports through our automated reporting process. These 600 reports led to the identification and remediation of 200 malicious emails delivered to the campus. That is a direct connection between campus community members acting and threats being rapidly addressed 24/7 with no BITS staff member intervention involved. That is the power and importance of user reporting to addressing phishing threats in our community. It’s amazing.

With over 11,000 active community members receiving tons of emails per day, we know that current reporting is only a fraction of what it could be. The more reporting that we have, the better our security system works. It’s essentially learning from the crowd.

To participate, people must utilize Outlook desktop, web, or mobile to report to our system. Please review this article for more information: Outlook - How to Report Suspicious Emails
If you need further assistance, please submit a ticket using the button on this page, or call the IT Service Desk at (585) 395-5151 Option 1.