Security - Identifying Phishing Scams
Before You Start
What is phishing?
According to the National Institute of Standards and Technology, phishing is the act of “tricking individuals into disclosing sensitive personal information through deceptive computer-based means.” In phishing scams, “the perpetrator masquerades as a legitimate business or reputable person” and attempts to gain access using fraudulent emails, links, and websites.
Prevent phishing
- Never share your Clark University password.
- Do not use your Clark University email address for personal matters.
- Do not click links or open attachments from unknown senders.
Warning: Please do not download, save, or forward suspected phishing emails to the Help Desk.
Phishing Emails
Warning signs
Phishing emails usually contain one or more of the following warning signs:
- Strange or unfamiliar greetings
- Spelling or grammar mistakes
- Inconsistent email addresses, names, or links
- Requests for personal or contact information
- Threats, emergencies, or urgency
Examples
From: smithluke@gmail.com1
Subject: CoolTech
Account is in default and requires immediate payment to avoid legal action2. Pay here: www.paypal.com/cool3
-
1. Inconsistent email address
-
2. Threat and urgency
-
3. Suspicious payment link
From: Gmail account claiming UN affiliation1
Greeting: Dear Student2
Offers high-paying job and requests personal details3
-
1. Inconsistent email source
-
2. Incorrect greeting
-
3. Request for personal information
Reporting Phishing Emails to ITS
Outlook for the Web
- Open the suspected email (do not click links or attachments).
- Click the three dots in the top right.
- Select Clark Phish Alert.
- Click Report Email.
Outlook for Windows
- Open the suspected email.
- Click Phish Alert Report in the Home ribbon.
- Click Report Email.
Outlook for Mac
- Select the suspected email.
- Click the three dots in Outlook.
- Select Clark Phish Alert.
- Click Report Email.
Smishing (Text Phishing)
Clark University has seen an increase in smishing (phishing via text messages). Attackers may impersonate colleagues or supervisors and request money or personal information.
Warning Signs
- Strange or unfamiliar greetings
- Spelling or grammar mistakes
- Inconsistent names or links
- Requests for information or money
- Unfamiliar or international numbers
- Urgency or threats
Examples
“Hello friend… urgently need you to buy gift cards…”
- Odd greeting
- Request for money
- Spelling errors
- Urgency
“Enter your username and password to keep your account…”
- Request for credentials
- Suspicious link
Reporting Smishing
- Take a screenshot of the message.
- Email it to helpdesk@clarku.edu
- Delete the message.
- Block the number.
Need more support? Contact the Help Desk.