Seeing an email that just doesn’t look right? If you have a gut feeling that it may not be, don’t click it or reply to it; delete it! If it is a scam, your reply confirms the scammer has a good email address worth pursuing by sending more messages which could harm your computer or email account.
Scam artists are experts at social engineering and human behavior. They optimize their attack patterns when you are likely to be less attentive; after a 3-day weekend, around holidays, or in the case of higher education, during summer break. The ‘payload’ or content of the email will be aimed at what they perceive to be a vulnerability to you. Ex. Tax season scams are usually official looking emails threatening to cut off your access or your account.
The best defense for email attacks is YOU. Staying alert and educated is how you keep your own identity safe and ensure HCU isn’t unnecessarily exposed.
Here is a phish email example from May 15, 2018.
Suspicious indicators are:
- Email says it’s from OutlookOffice365 but originated from nwfr.org
- The email is not personalized. In this case it is sent to ‘Dear User’
- The ‘Click here’ links go to myminiurl.net; not Microsoft.
Another phish dated May 10, 2018, also had suspicious indicators:
- The email was sent to ‘Me@…’ instead of your personal email account.
- You were not expecting an email from Docusign.
This phish turns victims into spambot relays sending additional phish messages to entire addressbooks. The new phish messages also have warning signs such as misspelled words and incorrect names.
Suspicious Emails – When in doubt, DELETE!