...

Phishing emails can take various forms and the scammers are always evolving their methods. However, below are some examples of common phishing schemes.

Type: “CEO Fraud”

What does it look like?

  • The scammer pretends to be your boss or a VP or other high-ranking individual.

  • The first email may not include any links or attachments. It will just say “I need a favor” or “are you at your desk?”

  • It will likely include a statement about the sender being unavailable, such as “I’m in a very important meeting” or “I’m about to board a plane.”

What is it trying to do?

  • You are more likely to respond quickly and without much scrutiny to a familiar name belonging to a person in a position of authority.

  • They are trying to engage you. After a reply or two, they will ask you to perform an action for them: buy gift cards, initiate a wire transfer, or forward sensitive documents (W-2s, health records, etc.).

  • They want to discourage you from double-checking the request via phone call.

Type: Business Email Compromise (BEC)

What does it look like?

  • Likely will appear to come from an acquaintance or non-Geneseo colleague.

  • Often has a subject like “____ would like to share a document with you.”

  • May look like a legitimate OneDrive, Dropbox, or Google Drive email or may have a PDF attachment.

What is it trying to do?

  • You are more likely to trust an email from a familiar name.

  • The sender may be someone you have exchanged documents with in the past and the scammer is trying to exploit that relationship.

  • The shared document or PDF will usually contain a link to a website requesting you to log in to view the document. This website is designed to steal your password.

Type: IT Spoof

What does it look like?

  • The scammer will pretend to represent CIT, Google, or Microsoft Support.

  • They will use words like “urgent,” “alert,” or “compromise” to get your attention.

  • It will likely make reference to your email account or voice mailbox.

What is it trying to do?

  • You are less likely to question technology-focused requests coming from IT support.

  • They want you to panic and act quickly. They want you to comply with their request without taking the time to double-check the email.

  • They will say that your mailbox is almost full or your password was in a recent data leak or you need an upgrade. They make statements that are often difficult to verify without help from IT.

How do I determine if an email is suspicious?

...

Should I use “report spam” or “report phishing?”

...

Note

If you are unsure as to which report function is most appropriate, use "report spam."

Use “report spam” if the email is:

...

  • Impersonating a college official

  • Referencing an unexpected shared document

  • Wanting you to click a link to verify your account

  • Using urgent language to prompt you to open an attachment or click a link

...

If

...

the “report phishing” option is not available, such as on a mobile device, please use “report spam” for all types of suspicious emails.

I think I made a mistake! What do I do?

If you clicked on a phishing email before realizing it was dangerous, don’t panic! 

...


Owner (area)

Security

Reviewed by

Valerie Smith

Review Date