Security - Identifying Phishing Scams

Before You Start

What is phishing?

According to the National Institute of Standards and Technology, phishing is the act of “tricking individuals into disclosing sensitive personal information through deceptive computer-based means.” In phishing scams, “the perpetrator masquerades as a legitimate business or reputable person” and attempts to gain access to this information using fraudulent emails, links, and websites.

Prevent phishing

  • Never share your Clark University password.

  • Do not use your Clark University email address for personal matters.

  • Do not click links or open attachments from unknown senders.

Warning: Please do not download, save, or forward suspected phishing emails to the Help Desk.

Phishing Emails

Warning signs

Phishing emails usually contain one or more of the following warning signs:

  • Strange or unfamiliar greetings

  • Spelling or grammar mistakes

  • Inconsistent email addresses, names, or links

  • Questions about personal or contact information

  • Threats, “emergencies,” or a sense of urgency

Examples

To: helpdesk@clarku.edu

From: smithluke@gmail.com [1]

Subject: CoolTech

My name is Luke Smith and I am the account manager for Clark University at CoolTech Solutions. Unfortunately, the university’s account with us is in default and needs to be updated immediately in order to avoid legal action. [2] Please make a payment at this link as soon as possible: www.paypal.com/cool [3]

Thanks,

Luke Smith

 

1. Inconsistent email address: The sender identifies himself as an employee for CoolTech Solutions, but this message was sent from a Gmail account rather than a professional email address associated with the company’s name.

2. Threat: This email contains an implicit threat of legal action and urges the recipient to pay “as soon as possible.”

3. Inconsistent link: The payment link directs to PayPal rather than a professional website associated with the company’s name.

To: helpdesk@clarku.edu

From: martialht***@gmail.com [1]

Subject: work opportunity

Dear Student, [2]

I am Dr,Professor Martial Hebert

and I work as a Clinical Counsellor for the Department of Disability of United Nations Central Emergency Response Fund Secretariat (UNCERF) I provide individual and group therapy, coaching, assessment, and academic screenings to support students with disabilities (Physical, Chronic, Psychiatric, & Invisible) registered with (UNCERF).

You have received this email because you have an offer from the University Office for able Students to work with me while we help students with disabilities frustrated with ignorance and lack of services as my temporary personal assistant.

The sensitivity of this position warrants the office holder to be upright, responsive, accountable, trustworthy, emphatic, persevering and honest. This is a very simple job. You will only help me purchase some Items and important matters when needed. This employment only takes an hour a day and 3 times a week for $1550 weekly.

I am unable to meet up for an interview because I am currently away and helping the students in Australia. You will be paid in advance for all tasks and purchased to be done on my behalf. Upon my arrival we will discuss the possibility of making this a long-term employment if I am impressed with your services while I am away.

Do confirm acceptance of this position if you are interested in moving forward kindly, please provide or fill in the below form

Full names: [3]

DOB:

Address:

Cell Number:

WhatsApp number:

Google chat email:

I await your positive response

Sincerely

Dr,Professor Martial Hebert

Professor Humanitarian Relief

 

1. Inconsistent email address: This person claims to be working for a division of the United Nations and also claims to be a professor, yet this message was sent from a Gmail account rather than an account associated with the United Nations or an educational institution. 

2. Strange greeting: The Help Desk is not a student.

3. Request for personal information: This email asks for personal information such as full name, date of birth, and mailing address. 
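The warning signs annotated in the two examples above can also be checked mechanically. The following is an added example, not part of the original page or of any Clark ITS tooling; the keyword lists, the free-mail list, and the trusted-domain set are illustrative assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Illustrative lists (assumptions, not Clark ITS rules); tune for real mail.
FREEMAIL = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com"}
ROLE_CLAIM = re.compile(r"\b(account manager|professor|counsellor|secretariat)\b", re.I)
URGENCY = re.compile(r"\b(immediately|as soon as possible|urgent(?:ly)?|legal action)\b", re.I)
PII_FIELD = re.compile(r"^\s*(full names?|dob|address|cell number|password)\s*:", re.I | re.M)
LINK_HOST = re.compile(r"\b(?:https?://|www\.)([\w.-]+\.[a-z]{2,})", re.I)

def warning_signs(raw, trusted_domains):
    """Return the page's warning signs found in one RFC 5322 message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    signs = set()
    # Sign: writer claims a professional role but sends from free webmail.
    if sender_domain in FREEMAIL and ROLE_CLAIM.search(body):
        signs.add("inconsistent-sender")
    # Sign: a link host outside the domains the recipient expects.
    for host in LINK_HOST.findall(body.lower()):
        if not any(host == d or host.endswith("." + d) for d in trusted_domains):
            signs.add("inconsistent-link")
    if URGENCY.search(body):
        signs.add("urgency-or-threat")
    if PII_FIELD.search(body):
        signs.add("requests-personal-info")
    return sorted(signs)

# Sample input: abridged from the two example emails on this page.
COOLTECH = """From: smithluke@gmail.com
To: helpdesk@clarku.edu
Subject: CoolTech

I am the account manager for Clark University at CoolTech Solutions.
The account is in default and needs to be updated immediately in order
to avoid legal action. Please make a payment at this link as soon as
possible: www.paypal.com/cool
"""
JOB_OFFER = """From: martialht***@gmail.com
To: helpdesk@clarku.edu
Subject: work opportunity

I am Dr,Professor Martial Hebert and I work as a Clinical Counsellor.
Full names:
DOB:
Address:
"""
print(warning_signs(COOLTECH, {"clarku.edu"}))
```

A message that trips none of these checks is not thereby safe; the checks only mirror the signs listed on this page.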

Reporting Phishing Emails to ITS

Outlook for the Web

  1. Open the email you suspect to be a phishing attempt. Do not click any links or attachments in the email.

  2. Click on the three dots in the upper right corner of the email.

  3. Click Clark Phish Alert at the bottom of the menu.

  4. Click Report Email.

Outlook for Windows

  1. Open the email you suspect to be a phishing attempt. Do not click any links or attachments in the email.

  2. Click the Phish Alert Report button located at the end of the Home ribbon.

  3. Click Report Email.

Outlook for Mac

  1. Select the email you suspect to be a phishing attempt. Do not click any links or attachments in the email.

  2. In the Outlook menu, click the three dots.

  3. Click Clark Phish Alert.

  4. Click Report Email.

Smishing (Text Phishing)

Recently, Clark University has seen an uptick in smishing, or phishing through SMS text message. In these messages, the cybercriminal will pose as a colleague, supervisor, or important member of the Clark community and text you from an unfamiliar phone number, usually asking for personal information or some form of monetary compensation.

Warning Signs

If you receive a text message from someone claiming to be your colleague or supervisor at Clark University, look out for these warning signs:

  • Strange or unfamiliar greetings

  • Spelling or grammar mistakes

  • Inconsistent names or links

  • Questions or demands for information and/or money

  • Unfamiliar or international area code

  • Threats, “emergencies,” or a sense of urgency

Examples

Hello friend,this is your Uni Pres. [1] I urgently need you to buy egift cards in the amount of $100 [2] for the Business Office to recieve a donation to the school, please sned [3] them to me as soon as you can. [4]

1. Odd greeting and abbreviation.

2. Demand for money.

3. Multiple spelling errors.

4. Sense of urgency.

Congratulations on your graduation from Clark University! If you’d like to keep your account after graduation, please input your username and password [1] at this link: bit.ly/34354 [2]

1. Clark University ITS will NEVER ask for your account password. This person is asking for personal information.

2. Inconsistent link: The link included in the message is not affiliated with Clark University.

Reporting Smishing

  1. If possible, take a screenshot of the text message and/or phone number that sent the message.

  2. Send the screenshot to the ITS Help Desk at helpdesk@clarku.edu

  3. Delete the text message.

  4. Block the number which sent the message.

Support

Warning: Please do not download, save, or forward suspected phishing emails to the Help Desk.

ITS Help Desk

Phone: 508-793-7745

Email: helpdesk@clarku.edu

Academic Commons, Plaza Level