Google says your passwords are compromised. The dean needs to see you ‘urgently’. Your bank says you’ve been assessed a seemingly random $200 fee.
None of these alerts are real events, but rather examples of phishing emails in which criminals try to get you to click links or share private information.
You’re probably familiar with the term “phishing” by now, and maybe you’ve even reported a few questionable emails yourself. Yet, it seems so counterintuitive – here’s a whole world of technology built around the idea of clicking links, and here is the tiny voice of your security awareness trainers trying to convince you not to click.
Two rules to keep in mind:
- Know your sender: The ‘display name’ should match the email address the message has been sent from.
- Know your content: The URL from links and other content redirects should match the address of the company it claims to be from.
The best way to research the links is to hover your cursor over them without clicking. If the email says it’s from the Dean of Students but the link goes to a server in Belarus, report it instead of clicking.
And, while it may be easy to remember the two rules, becoming a true anti-phisher person requires your time and attention daily. It’s best if you can structure your digital life so that you only review emails when you can truly focus and are not distracted. That way, you’re more likely to bring your powers of observation online before you automatically click a phish.
If an email says it’s from an office at Northeastern, but you think it might be a phish, call that office or the ITS Service Desk (see below) to confirm before you respond. Remember that Northeastern Information Technology Services will never ask for your password or password hints in an email.
What if I get a suspicious email?
Contact the ITS Service Desk (617-373-4357) or open a live chat. You can also forward the email to firstname.lastname@example.org. Outlook users: Use the Report button to let Northeastern know about a suspect message.
What if I accidentally responded?
If you responded to a phishing email with your myNortheastern username and password, please contact the ITS Service Desk (617-373-4357) immediately or open a live chat.
If you have responded to a phishing email with your financial or credit card information, please contact the issuing bank or credit card company for assistance as quickly as possible.