Recognizing and Reporting Phishing at NCU

Learn how to recognize phishing attacks targeting NCU students, faculty, and staff — including how AI has changed the threat landscape, the most common scam types at NCU, and what to do if you receive or fall for a suspicious message.

What is phishing?

Phishing is any attempt to trick you into revealing personal information, credentials, or money by impersonating a trustworthy person or organization. Attacks arrive by email, text message (smishing), phone call (vishing), or fake websites — and often combine multiple channels.

Universities are high-value targets. Attackers exploit the open, trust-based nature of academic communities, the mix of students, staff, and faculty with different levels of security awareness, and the fact that university email addresses are easy to find.

How AI has changed phishing

The old advice — "look for typos and bad grammar" — is no longer enough. Attackers now use AI to write flawless, convincing messages at scale. Here's what that means in practice:

Old phishing (before AI)

  • Obvious typos and broken grammar
  • Generic "Dear User" salutations
  • Blunt, one-size-fits-all messages
  • Easily spotted by spam filters
  • Low effort, high volume

AI-enhanced phishing (now)

  • Perfect spelling, grammar, and tone
  • Uses your name, role, or department
  • References real people at NCU
  • Mirrors the "voice" of NCU communications
  • May include deepfake audio or video in follow-ups

A polished, well-written message is not a sign it's safe

AI generates professional prose in seconds. If a message creates urgency or asks for credentials, money, or personal information, verify it through a separate, trusted channel regardless of how legitimate it looks.

Threat types at NCU

NCU sees four primary phishing threat types. Each has a dedicated article with detailed guidance — click through for the full picture.

Job & Recruitment Scams — primarily targets students

Fake job offers that "select" you without an application, promise high pay for minimal hours, and eventually ask for your SSN, bank info, or Zelle transfers. Scammers impersonate professors, department heads, and external recruiters.

Read: Phishing — Job & Recruitment Scams →

Executive Impersonation & Smishing — primarily targets staff

Text messages or emails impersonating NCU deans, cabinet members, or supervisors — often claiming to be "in a meeting" and needing urgent action like purchasing gift cards or transferring a file. NCU leadership will never conduct financial business by text message.

Read: Executive Impersonation & Smishing →

Spear Phishing & Fake Login Pages — primarily targets faculty & staff

Targeted emails that mimic internal NCU communications about payroll, HR, or IT updates — linking to convincing fake login pages designed to steal your Microsoft credentials and MFA codes. Always navigate directly to NCU portals rather than clicking links in unexpected emails.

Read: Spear Phishing & Fake Login Pages →

Gift Card Scams — targets anyone with purchasing access

A scammer impersonates a supervisor or executive and urgently requests you purchase gift cards on their behalf, then share the card numbers. No legitimate NCU business is ever conducted with gift cards.

Read: Executive Impersonation & Smishing →

Universal rules — always apply

These rules apply regardless of the type of message or how legitimate it appears:

When something feels off — stop and verify

  • Verify through a separate channel. If an email or text asks for money, credentials, or personal information — call the sender directly using a number from the NCU website, not the one in the message.
  • Check the actual sender address. Display names can say anything. Look at the full email address — if it's a Gmail, Outlook, or slightly altered NCU address, it's suspicious.
  • Never click links in unexpected emails. Go directly to the NCU portal or relevant system by typing the URL yourself.
  • Urgency is a red flag. Any message pressuring you to act immediately — especially involving money, gift cards, or credentials — warrants extra scrutiny.
  • NCU will never ask for passwords by email or text. IT will never request your password through any message.
  • NCU leadership will never request gift cards or financial transactions by text. Full stop.

Frequently asked questions

How did they get my email address?

Several ways — and most of them have nothing to do with NCU's systems being compromised:

  • You use your email address everywhere. Conference registrations, journal subscriptions, LinkedIn, professional directories, university websites — NCU email addresses are publicly findable and routinely harvested by automated tools.
  • Third-party systems get breached. Any platform you've ever registered with using your NCU address is a potential source. Canvas, for example, publicly disclosed a breach in which email addresses were among the data specifically confirmed as exfiltrated. Any other service — a conference platform, a vendor portal, a professional network — carries the same risk.
  • A device in your contact network was compromised. If a colleague's phone, browser, or laptop is infected with malware, an attacker can extract the entire address book — including your address — without ever touching your account or NCU's systems.
  • Guessing and pattern matching. NCU's email format is publicly known. Attackers generate address lists by combining known names with common university formats.

Receiving a phishing email addressed to you is not evidence that your account was hacked or that NCU's systems were breached. It most likely means your address exists somewhere a harvester found it — which is true for virtually everyone.

Why can't IT just block the sender?

IT can and does block specific addresses when reported. But many phishing attempts come from free email services like Gmail, Yahoo, or Outlook.com — and blocking those domains entirely would also block legitimate email from students, vendors, job applicants, and the general public. That's not a viable option.

These messages get through filters precisely because they come from legitimate mail providers. There's no spoofed domain to intercept — the email really did come from Gmail. The sender just attached a convincing name and signature to it and hoped no one would check the address.

IT continuously invests in and updates the technical controls available to us — including email authentication standards and filtering systems — to reduce what reaches your inbox in the first place. Those efforts are ongoing, but no technical layer eliminates phishing entirely. The human layer — you checking the sender address before acting — remains the most reliable defense against the attacks that do get through.
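
The sender-address check described in this answer and in the universal rules, as an added Python example (not NCU's own tooling): it separates the display name from the real address in a From header and labels the domain. The domain northcentral.edu is taken from the reporting address on this page; the free-mail list, the lookalike threshold, and the sample headers are constructed for illustration.

```python
from email.utils import parseaddr

NCU_DOMAIN = "northcentral.edu"  # from the reporting address on this page
FREE_MAIL = {"gmail.com", "yahoo.com", "outlook.com"}  # providers the page names

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot slightly altered domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header: str) -> dict:
    """Split a From header into display name and real address, then label it."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if domain == NCU_DOMAIN or domain.endswith("." + NCU_DOMAIN):
        verdict = "ncu"
    elif domain in FREE_MAIL:
        verdict = "free-mail"
    elif "northcentral" in domain or edit_distance(domain, NCU_DOMAIN) <= 2:
        verdict = "lookalike"  # threshold of 2 is an assumption
    else:
        verdict = "external"
    # A display name that itself shows an NCU address while the real address
    # is elsewhere is the "display names can say anything" case.
    name_claims_ncu = NCU_DOMAIN in display.lower() and verdict != "ncu"
    return {"display": display, "address": addr, "verdict": verdict,
            "name_claims_ncu": name_claims_ncu}

# Constructed sample headers; none of these are real messages or real people.
SAMPLES = [
    "Jane Doe <jane.doe@northcentral.edu>",
    "Jane Doe <jane.doe.ncu@gmail.com>",
    "IT Help Desk <helpdesk@northcentra1.edu>",
    '"it@northcentral.edu" <it-support@outlook.com>',
    "Vendor Sales <sales@example.com>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        result = classify_sender(header)
        print(f"{result['verdict']:<10} {result['address']}  (shown as: {result['display']})")
```

An "ncu" verdict only means the visible address uses the NCU domain; whether that address is genuine is decided by the email authentication checks mentioned above, not by this comparison.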

The email says my account is compromised — should I be worried?

Probably not in the way the email implies. "Your account has been compromised" is one of the most common phishing hooks — and the account being referenced often isn't your NCU account at all. The email may reference a Gmail address, a personal account, or simply use vague language designed to create panic.

If you have genuine concerns that your NCU account has been compromised, go directly to myaccount.microsoft.com and review recent sign-in activity, or call IT at 612.343.4170. Do not click anything in the email that raised the concern.

Reporting or responding to a phishing attempt

I received a suspicious message

Don't click, don't reply. Forward it to IT for review:

incident@northcentral.edu

Forward as an attachment (not a regular forward) so full message headers are preserved. See the full instructions: Reporting a Phishing Scam or Suspicious Email.

I already clicked or provided information

Act immediately — the faster you respond, the more damage you can prevent:

  1. Call IT: 612.343.4170
  2. Change your NCU password now
  3. Email: incident@northcentral.edu

See the full recovery steps: Help! I Have Been Phished!

What happens after you report

IT reviews every report. You may not receive a direct reply — most are acted on quietly, and campus-wide alerts go out when something is widespread enough to warrant one.

Not every report leads to a visible fix, and it's worth knowing why. Many phishing attempts reaching NCU aren't technically sophisticated — they're a Gmail or Yahoo address with an NCU employee's name and a convincing signature. There's no spoofed NCU domain to block, no compromised account to lock down. IT can block a specific address, but blocking all of Gmail or Yahoo isn't an option. The same goes for emails warning you that "your account has been compromised" — often it isn't an NCU account at all. These messages get through because they come from legitimate mail providers. That's why checking the actual sender address before acting on anything is the single most reliable defense.
