Spot a Phish

How to Spot a Phishing Email

If you believe an email is a phish, forward it to InformIT@ncat.edu. ITS will analyze the message and take corrective action as necessary.

Scammers use phishing emails to steal passwords, account information and other personal data. Sometimes the goal is to steal your password and use your account for additional phishing. Sometimes it is to lure you into a trap to gain access to private information or even steal your money. Here are some helpful tips to spot a phishing attempt. 

Jobs, Summer Employment or Internships

The university has seen several waves of phishing emails offering a job, summer employment, or an internship. In many cases, these scammers use the names of actual Aggie faculty to set up an account with a free email service. In other cases, the scammers use compromised accounts of Aggie employees or students.

If you follow a link in the email and enter your username and password, you are giving away your login credentials to the scammer. The university has seen recent situations where people believed they had a job and were conned into transferring their money to the scammer. In some of these cases, they received an image of a bogus check and were asked to deposit it. When the deposit failed, they were asked to transfer funds from their account. Some were asked to make a few smaller transfers instead of a single, larger transfer to avoid detection.

Always check the name and the email address of the sender. Genuine emails from faculty will come from an ncat.edu email address, not a free service like gmail.com or yahoo.com. If there is any doubt, confirm the legitimacy of the offer as outlined below. If something sounds too good to be true, it probably is. 

Part Time Jobs That Pay for Minimal Work

A variation used by some phishers is to offer an unreasonably high wage for simple tasks like walking a dog, apartment sitting, or running errands. Waves of these messages come throughout the year. Once again, check the name and email address, and confirm the legitimacy of the offer as outlined below. Remember, if something sounds too good to be true, it probably is. 

Demands for Immediate Action or Threats of Legal Action

Some scammers will impersonate a government agency like the Internal Revenue Service (IRS) and warn of impending legal action unless you respond immediately. Sometimes, they will refer you to a web site where you can supposedly see more information. This is just an attempt to frighten you into responding reflexively and without careful thought. Most government agencies are not going to contact you via email unless you have previously registered an email address with them. If they do send email, it will come from an official government domain, such as irs.gov. It will not come from a free email domain like gmail.com or yahoo.com. If it is a notice, it will likely be accompanied by a paper letter sent via regular mail. Likewise, the web site will be in an official government domain. As always, check the email address, and ensure the web site is in an official domain. An authentic message will provide a working phone number you can call for more information. If there is any doubt, confirm the legitimacy of the message as outlined below.

Warnings of a Security Issue

A related phish will masquerade as a major technology company such as Microsoft, Apple, or Google and will encourage you to take action to correct a problem with your account or some other security issue. This is usually another attempt to make you panic. Most of these companies do not monitor university-owned computers or accounts for security issues. Those that do will contact Information Technology Services (ITS) instead of contacting you directly.

If you are using software from one of these companies on a computer you own or you have a personal account on one of their services, they may contact you directly. If they do, the email will come from an official domain like microsoft.com or google.com. It will not come from a free service like hotmail.com or gmail.com. And it will offer you a way to confirm the legitimacy of the message.

Emails from the Chancellor or Your Supervisor Asking for a Favor

A favorite technique is to impersonate someone you know and send a message with a vague request such as "I'm in a meeting and I need you to help me." If you respond, you'll get a second vague email with just a little more information like "I need to have this done by 5:00 p.m. but this meeting is running long." If you continue to respond, the scammer will eventually ask you for personal information or to do some urgent task, like transferring money to some bank account or buying gift cards and sending the data to some email address. This is called whaling and is designed to lull you into believing you are exchanging email with the impersonated person. The more you believe that, the more likely you are to do what the scammer asks.

Most of the time, the scammer will select a small number of victims and impersonate someone these people know. These attacks often occur late in the day before the weekend or a holiday when most people are trying to finish their work so they can leave. At that time, their guard is down and they are not thinking critically about what is happening. The university has seen situations where people have actually transferred their own money to scammers as a result of whaling.

Bad Grammar and Spelling Mistakes

Phishing emails often use poor grammar or contain spelling mistakes. Be wary of any email that contains either. If there is any doubt, confirm the legitimacy of the message as outlined below. Better safe than sorry.

Unfamiliar Greeting or Language

Most legitimate email is exchanged between people who know each other. Those messages tend to use consistent greetings and language. Messages that use an unusual greeting or language may be a phish. Check the email address. If there is any doubt, confirm the legitimacy of the message as outlined below. Better safe than sorry.

Update your Payment Information or Personal Data

Some phishes impersonate a legitimate service and ask you to update your payment information or other data. The scammer will often set up a fake web site to mimic the real one. Once again, genuine messages will come from an official domain like netflix.com and not a free email domain like gmail.com. Check the sender's name and email address and confirm the legitimacy of the message as outlined below. Better safe than sorry.

Sharing a File or an Attachment

A common way to spread a virus or malware is to share a file via OneDrive or some other service, or attach the file to a message. While this is not a phish per se, the malware may attempt to alter the configuration of your computer, log your keystrokes, or otherwise direct you to a site to steal your password or data. Be very leery of any file sent via email that you were not expecting. Always check the email address and confirm the legitimacy of the message as outlined below. Better safe than sorry.
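The sender and link checks repeated in the sections above (free-mail sender domain, a familiar name paired with the wrong domain, links outside an official domain, pressure to act now) can be applied mechanically when triaging reported messages. The routine below is an added example, not part of the original page or an ITS tool; the domain lists, the roster of impersonated names and the sample message are constructed for the example.

```python
import re
from email.utils import parseaddr

# Constructed for this example: official domains the page names, and the
# free-mail domains it warns about. A real deployment would load these
# from a maintained list.
OFFICIAL_DOMAINS = {"ncat.edu", "irs.gov", "microsoft.com", "google.com", "netflix.com"}
FREE_MAIL_DOMAINS = {"gmail.com", "yahoo.com", "hotmail.com"}
# Constructed roster: display names scammers have borrowed, mapped to the
# domain that person's genuine mail comes from.
KNOWN_SENDERS = {"jane doe": "ncat.edu"}
URGENCY = re.compile(r"\b(immediately|urgent(ly)?|legal action|act now)\b", re.I)

def in_domains(host, domains):
    """True if host is one of the domains or a subdomain of one."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in domains)

def sender_parts(from_header):
    """Split a From header into (display name, address domain)."""
    name, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    return name.strip(), domain

def link_hosts(body):
    """Hostnames of every http(s) URL found in the message body."""
    return {h.lower() for h in re.findall(r"https?://([^\s/>'\"]+)", body)}

def assess(from_header, subject, body):
    """Return the red flags the page describes; an empty list means none found."""
    flags = []
    name, domain = sender_parts(from_header)
    if in_domains(domain, FREE_MAIL_DOMAINS):
        flags.append(f"sender uses free-mail domain {domain}")
    expected = KNOWN_SENDERS.get(name.lower())
    if expected and not in_domains(domain, {expected}):
        flags.append(f"display name '{name}' but address is not at {expected}")
    for host in sorted(link_hosts(body)):
        if not in_domains(host, OFFICIAL_DOMAINS):
            flags.append(f"link to unofficial site {host}")
    if URGENCY.search(subject + " " + body):
        flags.append("pressure to act immediately")
    return flags

# Constructed sample modelled on the job-offer wave described above.
SAMPLE_PHISH = ("Jane Doe <jane.doe.ncat@gmail.com>",
                "Summer internship - respond immediately",
                "Apply at http://ncat-jobs.example.net/apply")
```

Calling `assess(*SAMPLE_PHISH)` returns four flags; the same faculty member writing from jdoe@ncat.edu with a link into www.ncat.edu returns none. The checks are hints for a human reviewer, not a verdict: a message that passes all of them still needs the confirmation steps below.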

How to Verify the Legitimacy of a Suspected Email

If you believe an email is a phish, it is important that you do not reply to the message and you do not copy any email addresses or web site links from it. Instead, if you have the email address of the supposed sender, create a new email message (not a reply) to contact that person, explain the situation, and verify the legitimacy of the message.

If you don't have the email address, look on the organization's web site. If you can't find an email address for the supposed sender, use the service address provided on the organization's web site. 

In any case, create a new email message, and don't reply to the original.

If you need to call the organization, use its web site to find a phone number. Don't use a number provided in the suspect message. 

This simple process may take a bit longer, but it helps you determine the legitimacy of the message and prevents you from communicating with the scammer. 

If you believe an email is a phish, forward it to InformIT@ncat.edu. ITS will analyze the message and take corrective action as necessary.