Phishing and Other Email Scams

Overview

Phishing is the act of masquerading as a trustworthy entity in an electronic communication, typically email or web pages, in order to obtain personal information, such as usernames, passwords, dates of birth, Social Security numbers, and credit card numbers from victims.

These emails pose a unique threat to organizations like North Central University because their high degree of customization often enables them to evade even the best email filters.

How to Protect Yourself from Scams

  • Be on the lookout for suspicious emails or text messages. Legitimate, responsible companies will never solicit personal information over email. Never reveal personal or financial information in response to an email request, no matter who appears to have sent it.
    • Bad spelling/grammar: Professional companies or organizations usually have proofreaders. If you notice basic grammar or spelling mistakes, the email is likely fraudulent. However, while such mistakes used to be very common, scammers are getting better, and emails with good grammar should also be scrutinized.
  • If the email looks like it came from someone or some department at NCU, check with that department before complying with the request.  Email impersonation can be very convincing.  If you receive an email with a request for information that seems out of the ordinary, a request for money, or other goods, call them or meet them in person to verify that the request is.
  • Be wary of ultimatums, such as claims or threats that your account will be suspended or deleted if you do not respond with your personal information within some amount of time.
  • Double- and triple-check URLs. Scammers use logos in email that appear to be hyperlinked to legitimate websites but actually take you to phony websites. Their hyperlinks may also use slightly altered addresses of companies (e.g., gooogle.com or micrsoft.com) to throw you off.
  • Don’t click on links or attachments in suspicious emails or text messages. Instead, visit the mentioned website directly by using a search engine to locate the real site. If the web address listed by the search engine and the address in the email do not match, the email is most likely a phishing attempt or spam, and you should delete it.
  • If you are still tempted to click, pick up the phone instead. If the message looks real and you are really tempted to respond, instead look up the phone number of the company and call them. Do not use any phone number in the email because it could be fake. Ask if the message was actually sent by the company and if you can take care of any issues over the phone instead.

Where to Report Phishing

To report a phishing scam, forward the phishing email as an attachment to incident@northcentral.edu by following these instructions: Reporting a Phishing Scam or Suspicious Email for Review.

Why do we request forwarding as an attachment?

  • When you forward the message as a regular email, full headers are not included. Without the full headers, the investigation of the suspicious email becomes more challenging.  
  • Full headers provide information about the path the message traveled to get to your inbox. These headers are critical for Cybersecurity staff members investigating the origins of an email message. 
  • Simple headers (to/from) can be forged, so full headers are an important step in diagnosing, containing, and possibly preventing more phishing attempts.
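
To illustrate what the attachment preserves, the following added example (not part of the original article or NCU's tooling) pulls the original message out of a report and reads its relay path and sender domains. The report text, host names, and addresses are constructed for the example.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed report: the suspicious message rides along as a message/rfc822
# attachment, so its original headers survive. All hosts and addresses are made up.
REPORT = """\
From: student@university.example
Subject: Fwd: Urgent: verify your account
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain

Reporting this suspicious email.
--BOUND
Content-Type: message/rfc822

Received: from mx.university.example (mx.university.example [192.0.2.10])
    by mailstore.university.example; Mon, 24 Apr 2023 10:02:11 -0500
Received: from bulk.sender.example (unknown [203.0.113.77])
    by mx.university.example; Mon, 24 Apr 2023 10:02:09 -0500
Return-Path: <bounce@bulk.sender.example>
From: "IT Service Desk" <helpdesk@university.example>
Subject: Urgent: verify your account

Your account will be suspended.
--BOUND--
"""

def attached_original(raw_report):
    """Return the attached original message, or None if it was forwarded inline."""
    for part in message_from_string(raw_report).walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
    return None

def relay_path(original):
    """Each server prepends its Received line, so reverse them for travel order."""
    return [" ".join(v.split(";")[0].split())
            for v in reversed(original.get_all("Received", []))]

def sender_domains(original):
    """Compare the displayed From domain with the envelope Return-Path domain."""
    doms = [parseaddr(original.get(h, ""))[1].rpartition("@")[2].lower()
            for h in ("From", "Return-Path")]
    return doms[0], doms[1], doms[0] != doms[1]

if __name__ == "__main__":
    original = attached_original(REPORT)
    print(relay_path(original), sender_domains(original))
```

Only the Received lines stamped by your own mail servers can be trusted; earlier hops are supplied by the sending side and should be treated as claims.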

If You Get Caught

If you gave personal information in response to a phishing email or on a suspicious webpage, your account may be compromised.

  • Contact the IT Service Desk to immediately have your password changed.
  • Carefully review any online account that became vulnerable as a result of responding to the message.

Details

Article ID: 48683
Created: Mon 2/19/18 1:30 AM
Modified: Mon 4/24/23 4:03 PM
