Phishing that targets the staff and students at Benedictine University is on the rise and it’s becoming increasingly difficult to identify.
Phishing, an online scam by identity thieves, uses email/text along with fraudulent websites to trick you into sharing your information. This information can include credit card numbers, passwords, account data, or other valuable information.
Although we have filters in place to prevent these phishing attempts from getting through, there will always be some messages that make it past the filters. Be aware that scam emails take many forms, including those which claim to come from Benedictine University. It is critical to be vigilant to potential scams and be skeptical of unsolicited email; especially those that ask you to click on a link or reply with personal information.
Please help us keep Benedictine University’s computing and email accounts secure by reading, and following, the information below. We also strongly recommend watching the video, 11 Tips to Spotting Fake Websites and Phishing Emails.
Tips to spotting phishing attempts and email/text scams:
- Is the message or text unsolicited?
- Remember, if it seems too good to be true, it probably is.
- Are you being asked for personal or financial information?
- The message contains malicious web links
- Is the sender’s email address similar to a legitimate email address?
- Is the sender providing a fake address?
- Does the message contain an urgent request (threatening to close your account if you don’t take action)?
- Is there a generic greeting or even a lack of a greeting?
- Is the message filled with misspelled words?
- Are you being redirected or shown unfamiliar webpages?
- Are there any misleading hyperlinks?
- Is there an improper or unusual use of copyright information, logos, and graphics?
- Is the entire text of the email contained within an image rather than the text?
- Is the message coming from an address other than the organization it claims to be?
- Fraudulent emails often contain attachments, especially .exe files. (Never open!)
The email may include a prominent website link. These can be forged or seem very similar to the proper address, but even a single character’s difference means a different website.
Are you being sent money (check or money order) and told you need to send that money to a third party?
Actions should you take:
- Never click on suspicious links or open attachments.
- If you're taken to a login page or website, never attempt to log in or enter your personal information.
- If the email or text appears to be from someone you know, contact the original sender by telephone or create a new email to ask them if the email is genuine.
- Report a phishing or spam email in Outlook by using the 'Report Suspicious Icon' button or forward email to firstname.lastname@example.org (see instructions here).
- Report any suspicious text by sending a screenshot of the text to email@example.com
Example of a phishing email
- Use of the word “catchword” followed by what the word means.
- Poor grammar throughout the body of the email.
- Urgent call to action – reply within 24 hours or lose access.
- Having to copy and paste a suspicious link into a browser.
Example of Fraudulent Web Form
- No university branding (logo, etc.).
- Use of the nonsense word, “Catch Word”.
- Being asked about a previous school you attended.
- Being asked for your previous school account’s “catch word”
Example of a Fraudulent Text Message
- Repeated sense of urgency.
- Spelling mistakes and poor grammar.
- Referring to the text as “Sms” instead of using “text” or “message”
- Phrasing in the third message makes no sense whatsoever.