Beware of University Phishing Attempts
Phishing (pronounced fishing) is a common cyberattack where attackers impersonate legitimate organizations or individuals to deceive victims into revealing sensitive information, such as usernames, passwords, financial details, or personal identification numbers (PINs). The most common method of phishing is through email, though phishing attempts can also come through text messages ("smishing"), phone calls (voice phishing or "vishing"), and even social media messages.
Phishing emails often look like they’re from trusted sources — like Weber State's IT department, a well-known service provider, or a campus organization — and they may include requests for personal information, account verification, or immediate action on an account. These messages typically try to create a sense of urgency, fear, or excitement to prompt a quick response from the victim.
How to Spot Phishing
Spotting a phishing attempt is not always easy, but there are several tell-tale signs that can help you recognize malicious emails or messages. Here are some common red flags to watch out for:
- Suspicious Email Addresses and Domains - Legitimate university communications will always come from official university email addresses (e.g., csupport@weber.edu). Phishing emails often come from addresses that closely resemble, but don't exactly match, official domains (e.g., @weber.com, @univeristy.edu or @weber-accounts.com).
- Generic Greetings - Phishing emails often begin with generic phrases like "Dear Student," "Dear User," or "Dear Sir/Madam," rather than addressing you by your name. While universities might send bulk emails, legitimate messages typically personalize the greeting with your specific name or student ID.
- Suspicious Links - Hover your mouse over any hyperlinks (without clicking!) in an email to see where they lead. Cyber-attackers often disguise malicious links to look like legitimate URLs, but they may lead to a different website altogether. For example, a link that says “Click here to verify your account” might actually direct you to an unrelated site designed to steal your login credentials. Often, these links take you to a website that imitates a familiar site, such as the Weber State login page, or to a Google Form made to look like an official university form.
- Urgent or Threatening Language - Phishing messages often create a sense of urgency. Phrases like “Immediate action required,” “Your account will be suspended,” or “Verify your information within 24 hours to avoid consequences” are typical tactics used by attackers. Weber State will rarely, if ever, send such threatening messages that require immediate action.
- Spelling and Grammar Mistakes - Many phishing emails contain spelling, grammar, and punctuation errors. Official communications from the university are typically proofread several times and well-written, so any odd phrasing or inconsistencies in formatting are red flags. Keep in mind that with the advent of AI tools, spelling and grammar mistakes may be less obvious.
- Unusual Attachments - Phishing emails may include attachments that seem out of place, such as unexpected invoices, forms, or documents. Be cautious with any email attachment that you were not expecting, especially if it asks you to open or download a file from an unfamiliar sender.
- Too Good to Be True Offers - If you receive an email offering something that sounds too good to be true — such as a scholarship, a free laptop, or an unusual prize — be wary. Phishing attempts often disguise themselves as prize-winning notifications or fake scholarship offers to lure you into revealing personal information.
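For readers who triage reported messages, the sender-domain and link checks from the list above can be automated. The following Python is an added example, not Weber State tooling; the function names, the 0.8 similarity threshold and the sample HTML are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

OFFICIAL = "weber.edu"  # official domain named in the article
# Constructed sample body, not a real message.
SAMPLE = ('<a href="https://weber-accounts.com/login">Click here to verify your account</a>'
          '<a href="https://www.weber.edu/">www.weber.edu</a>')

def is_official(host):
    host = host.lower().rstrip(".")
    return host == OFFICIAL or host.endswith("." + OFFICIAL)

def classify_sender(from_header):
    """Return 'official', 'lookalike' (reuses the brand label or is a
    near-miss spelling of the official domain) or 'external'."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    if is_official(domain):
        return "official"
    close = SequenceMatcher(None, domain, OFFICIAL).ratio() >= 0.8  # assumed threshold
    return "lookalike" if OFFICIAL.split(".")[0] in domain or close else "external"

class _Links(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":  # anchors without an href are ignored
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def suspicious_links(html):
    """Links that leave the official domain, or whose visible text shows
    a host different from the one the link really points to."""
    parser = _Links()
    parser.feed(html)
    flagged = []
    for text, href in parser.links:
        host = urlparse(href).hostname or ""
        shown = re.search(r"([a-z0-9-]+\.)+[a-z]{2,}", text.lower())
        if not is_official(host) or (shown and shown.group(0) != host):
            flagged.append((text, host))
    return flagged
```

A flagged link is a prompt for review rather than proof of phishing, since legitimate university mail can also link to outside services.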
What to Do If You Receive a Phishing Attempt
If you suspect that you’ve received a phishing email or message, it’s important to take the right steps to protect your account. Here's what to do:
1. Do Not Respond or Click on Any Links. If you think an email is a phishing attempt, don’t engage with it. Avoid replying to the message, clicking any links, or downloading any attachments. Cyber-attackers often use these tactics to gain access to your personal information or install malware on your device.
2. Verify the Source. If the message appears to come from a university department, contact the department directly using the contact information found on the official university website (not the contact details in the email). Similarly, if the message looks like it's from an external service provider (like a bank or email provider), go directly to their website and log in to verify if there is any action required.
3. Report the Phishing Attempt. Click the 3 dots in the upper right corner of the email. Then click "report phishing" which will notify Google of the email and prevent these types of emails in the future.
4. Delete the Message. Once you’ve reported the phishing attempt, delete the message from your inbox and your deleted items folder to prevent accidental interaction with it later.
5. Change Your Passwords. If you accidentally clicked on a phishing link and entered sensitive information like a password or personal identification number, immediately change your passwords. Update your university login credentials as well as any related accounts (e.g., email, banking, social media). Never divulge your Duo (MFA) PIN or accept a Duo push that you didn't initiate.
6. Run a Security Scan. Phishing emails may contain malware or viruses that could infect your device. Run an antivirus or security scan to ensure that no malicious software has been installed on your system. You should contact the IT Service Desk or your CTC for help.
Conclusion
Phishing is a persistent threat in today’s digital world, and Weber State is often targeted because of the large number of users and the valuable information it holds. By staying vigilant and learning to recognize the signs of phishing attempts, students, faculty, and staff can protect their personal and academic information from malicious actors. If you receive a suspicious message, always verify the sender’s identity, avoid clicking links, and report the attempt. Taking these simple precautions can help keep your account and Weber State safe from cybercriminals. Visit weber.edu/iso/phishing.html to learn more.
IT Service Desk
801-626-7777
csupport@weber.edu
Lampros Hall, 110