News and information useful to Cleveland-Marshall College of Law students, faculty and staff.

Archive for January, 2022


Yoga in the Quiet Room, Tues. Jan. 25, 12:00-12:30

Join us for Yoga in the Quiet Room, located in the Learning Commons in the Law Library.

Tuesday, January 25, 12:00-12:30p

This session is for everyone. Yoga mats not provided. You can come in your regular clothes!

 

Comment 8: Beware Pirates Dressed in Email’s Clothing

Phishing continues to be a major problem for people and companies. An article from Cybernews highlights a recent study that finds up to forty percent of  received emails are from criminals attempting to trick you. While you and your colleagues may mostly complain about the amount of spam in your inboxes, that annoyance is nothing compared to the real damage of falling for a phishing attack. Thanks to the pandemic and its push to further digitize our work and personal lives, overall cybercrime has increased up to 600%.

 

But wait! You don’t need to nuke your email account. Luckily, built in security features block eighty percent of phishing attempts from reaching your inbox. Let’s consider what that means in a hypothetical case where you receive 100 emails a day:

 

Total Emails Received Potentially Malicious

(40%)

Potentially Malicious

Emails Blocked (80%)

The Problem
100 40 32 8

 

If everything works roughly as it should, there are eight chances every day to accidentally expose our personal/financial information or compromise our computers/networks. To be more cognizant of this danger, we will briefly define what phishing is and look at some simple strategies to help keep you and your institutions safe.

 

What is Phishing?

The Computer Security Resource Center, a division of the National Institute of Standards and Technology under the U.S. Department of Commerce, provides several definitions for phishing from very broad and accessible to highly specific terms of art. For our purposes we will define phishing as:  Tricking individuals into disclosing sensitive personal information by claiming to be a trustworthy entity in an electronic communication. If technology tends to make you a bit anxious, think of this like a scene from a movie where a somebody flashes a fake badge at a motorist and commandeers their car…and probably their wallet.

 

What does it look like?

Below is an email that recently came into the library that bears all the signs of a phishing scam.

 

 

Example of a phishing email

Click for larger size

 

Prior to examining the six things I found suspect in this email, I want to mention the subject line. One of the go-to tools for scammers is to create a sense of urgency in their victim. This is not something that occurs just in phishing emails, there is an aspect of this in every scam. In this case the scammer is attempting to induce a panic in the fact that my password is about to expire. Whenever I see anything that is trying to engage me emotionally rather than intellectually (unless its a Hallmark movie) I immediately become suspect; however, gut feelings are not evidence. Let’s consider the email (note. Never click a link in an email from somebody you don’t know. I check links by hovering over it with the mouse pointer or by copying it and pasting it into a simple text editor):

1.Outlook came right out and tells me who sent this email (noreply@service.com) and that they are not part of my organization. Why is an account outside my networking warning me that my in-network password is about to expire?

 

2.The sender information here suggests a simple name spoof. While it says this email is from “Support law.csu.ohio.edu,” I can once again see that this is really from a service.com email. It is easy to fake some identifying information in an email, but others are more difficult. This is a huge red flag.

 

3.If an IT administrator is contacting you about issues with your account, it is very unlikely that they will address you by your username rather than your actual name. It’s not impossible, however, so this is less a red flag and more a concern.

 

4.Both the “Keep Current Password” and the link above it for my account that is about to expire are not doing what they should. (Again! Don’t click on links in email you don’t trust!) If I were to click on my address in the second line of the email, it would use a function called mailto: which tells my email client to open a new mail that would be sent to somebody @glennbio.com. This is a whole new domain added into the mix. There is no website for this domain, but some simple sleuthing let me discover that it was first registered in August of 2021 to somebody using a fake name at a probably false address on Jalan Sultan street in Kuala Lumpur. Clicking the “Keep Current Password” button would send me to a site that attempts to inject malware, or malicious code, onto my computer.

 

5.Were I to follow this link to “see my email activity” I would end up at the same site as the button above. Also, just as a common sense thing, why am I going to click a link to see me email activity when I am in my email client, which shows me all my email activity.

 

6.I’m honestly unsure where this link goes or what it is trying to do, but I do know that is has nothing to do with the law.csuohio.edu domain.

 

What do I do if I suspect phishing?

1.Take a second to think. Like I said, scams try to create a sense of urgency.

 

2.Don’t click on anything in the email!

 

3.Delete it, block it, or, if possible, report it. Most email clients will giver you the option to report attempted phishing. Doing so helps them better understand the problem and help keep them able to block the majority of attempts. The email service at CSU makes it as easy as clicking ‘junk’ toward the top of the screen and selecting ‘phishing’.

 

4.What if I am dubious of this email but I am still worried about my account. The best thing to do here is contact the person/institution that the phisher is claiming to be and find out what is going on. One caveat though, contact them through a source that is not in the suspected email. In this case I’d use the university website or my address book. This is also true if you feel that you are being scammed on a phone call. Say you get a voicemail from your bank about something but something seems off. Don’t call the number they give you, instead call one you independently verified.

 

Thanks for making to the end of the first Comment 8!

 

Yoga Once a Month Starts Next Week

Once-a-month yoga sessions start next week in the Quiet Room, located in the Learning Commons in the Law Library. The sessions will be led by Julie DiBiasio, who is an experienced yoga instructor in addition to being the C|M|LAW Director for Graduate Studies & Professional Development.

Julie leads sessions that can help you relax and take a break from law school. Yoga mats aren’t provided, but you are welcome to bring one, or a towel. You can also just do the session without one (I have, and in my work clothes!). So it goes without saying, yoga attire is entirely optional.

Here is the schedule for the sessions, all of which will be held from 12:00-12:30p:

  • Tuesday, January 25
  • Tuesday, February 22
  • Tuesday, March 22
  • Tuesday, April 19
  • Tuesday, May 17

Need Help with Research? Librarian Consultations Available

If you need help with a paper, the law library offers scheduled Research Consultations. Let us know what you have already completed and what areas you need help with, and a librarian will assist with finding resources and information. Most research consultations are approximately 30 minutes in length, depending on need.

The library has several research guides designed to assist you in starting your research: Scholarly WritingScholarship TechnologyFinding Articles in Law Reviews and JournalsBluebooking and Legal Writing SoftwareResearch Databases, and Citation Checking.

Need to Write a Paper? Look to our Research Guides

Many law students go directly to Lexis, or Westlaw when beginning a research project. While these databases may be useful, widening the net in the search for information for your paper or project may be helpful.

When unsure about where to seek a particular type of information, think first of the law library’s Research Guides, which are subject-specific finding aids for locating resources on a topic. There is a direct link to the guides from the law library’s homepage.

The research guides also contain information on databases specific to the topic that may be of use to the researcher. The databases should be thought of in two broad categories: law databases and non-law databases. There is a link to the law databases from the law library’s homepage and the non-law databases (under the link ‘Research Databases’) from the Cleveland State Michael Schwartz (Main) Library’s homepage. The main library’s homepage link can also be found on the law library’s homepage.

The non-law databases contain full-text of articles and documents along with indexes and abstracts that cover a wide range of topics and interests. Some of the databases have many sources, while others might only have one source (e.g. Newspaper Source vs. New York Times).

Consider using other law databases (e.g. HeinOnline) to find information that is beyond the coverage of Lexis, and Westlaw.

Not sure where to start in your research? Law Librarians are available to help during Research Services Hours:

You can also schedule a Research Consultation.