Phishing Attempt: Be Vigilant
Jun 26, 2024
Malicious actors are constantly attempting to get valuable information from individuals and use social engineering, phishing and smishing (SMS text-based phishing) attempts to obtain it. What may seem like an innocent or normal email or request, may be a targeted attempt to steal your or the university’s information and data.
Always be mindful when you receive an email from anyone—even someone you think you know, as their account may have been compromised and/or a malicious actor is posing as them from a false account—and review the message for telltale signs that it is not legitimate.
The easiest clues to spot will be:
- spelling and grammar mistakes
- an unusual or incorrect email address (as seen in the screenshot above of a recent phishing scam that was sent to a university employee)
- an urgent or unusual request
A legitimate university employee or vendor will never ask you outside the appropriate channels and university systems for any personal information such as a personal phone number, credit card, personal email or password, and they will never ask you to purchase something for them that does not follow the university procurement process—such as using a personal credit card or purchasing gift cards on your own without the required approval.
It may not seem a huge risk to provide a personal phone number to a malicious actor, but it is. Any personal or university data obtained by a malicious actor could potentially be used as an entry point to more social engineering. Stay vigilant and don’t give malicious actors the opportunity. If you are ever unsure, right click on the email and report it as phishing. A member from the Information Security and IT Compliance team will review it and report back to you in a timely manner.
