Spot a Phishing Scam
What is a phishing scam?
Phishing refers to the act of using a fraudulent identity and scenario to extract personal information or something else of value. Although phishing scams can occur over various mediums including text messages, phone calls, and social media, they are most frequently carried out via email.
Scammers have many means of acquiring bulk email addresses. Receiving a phishing attempt does not mean that your account has been singled out or has been compromised in any way.
Fairleigh Dickinson University’s email accounts employ Microsoft’s Advanced Threat Protection (ATP) which, in addition to traditional spam filtering, removes malware infected attachments and utilizes Safelinks to scan messages for malicious links. Additionally, we have appended the subject line of messages coming from outside of the FDU domain with the “[External]” tag. Although phishing can occasionally come from inside of our domain, messages with the external tag demand extra scrutiny.
Despite all of these efforts, keeping up with the latest scams is always a cat and mouse game. It is best practice to have a solid foundational knowledge of how these scams work.
Detecting a Phishing Scam
Although each phishing scam is unique, there are certain common traits which can serve as red flags. The most common “tell” is a sense of urgency. Generally, phishers would like for you to act promptly and without careful consideration. As a result, they will pepper their email with phrases such as “immediate action required” and “to avoid the immediate suspension of your account”.
Although an urgent tone is likely to be your first clue, there are plenty of other red flags that you will begin to notice over time. Many phishing attempts are poorly constructed emails. Incorrect spelling and grammatical errors are common. The message could contain a blank subject line and the sender’s signature may only list their title instead of their name. Be wary of messages in which the quality of writing does not meet your expectations for the purported institution.
The goal of many scams is to make a request for your personal information. This can take the form of bluntly asking for your social security number. However, it may also take a subtler approach. Many phishing attempts will create a mock version of a University, banking institution, or commerce website and ask you to log in. Once you enter your account information, the scammers have acquired your password.
Although most phishing scams cast a wide net, some recent attacks have specifically targeted individual members of the University. If someone is claiming to be your colleague or supervisor, check to confirm that the message is coming from their FDU account. Do not trust messages claiming to be from FDU employees which originate from external accounts such as Gmail and Yahoo.
Many of these personalized scams also have a very specific common thread. After a bit of conversation, the scammer will request that you purchase gift cards for common services such as iTunes, Google Play, or Amazon. No, your boss does not urgently require you to purchase gift cards out of pocket.
Also, beware of solicitations coming to your FDU email address from businesses offering deals or asking you to click on a banner to receive a promotion. Make sure that the email is coming from the domain of the company offering the sale or promotion.
What does a phishing scam look like?
Now that you know what to look for, let’s look at a sample phishing attempt:
Reporting a Phishing Scam
You can use your newfound expertise to assist the FDU community. When you see a message that you believe to be a phishing scam, please report it to us. Via Outlook this can be accomplished via our reporting tool. Please see Reporting Phishing or Junk Emails for more information. If you are using an alternative mail client such as Apple Mail, you can forward the suspected scam to firstname.lastname@example.org.
How should I proceed if I have already replied to a Phishing Scam?
Please change any passwords that you have provided to the scammer. Once this is completed, please contact the Fairleigh Dickinson University Technical Assistance Center (UTAC) for further instructions.