Cybercriminals continue to evolve their tactics when it comes to finding ways to access accounts and private information. Email compromise attacks are perhaps one of the most rewarding techniques for hackers.
Email compromise attacks are a form of phishing where an attacker masquerades as a trusted entity—such as a colleague or even a Northeastern department—to trick you into clicking on a link, sending private information, or even downloading malicious software onto your device.
Here are some tips to avoid falling for these scams.
Watch for red flags
- Requests for your username and/or password. Northeastern will never ask you to provide your password through email.
- Time-sensitive requests such as losing access to your account without a response.
- The sender is unfamiliar or doesn’t make sense for the context of the email.
- The “from” field displays a name or department, but the “sending email address” does not match (e.g.: the email is sent from “northeasternHR@gmail.com”)
- Links that are unfamiliar and/or don’t match your expectations. Never click a link if you’re uncertain about an email’s authenticity.
Identify common scam tactics
- Requests to make contact via phone or a non-Northeastern email address.
- Emails claiming to be university/Office365 account de-activation notices.
- Emails related to unsolicited job opportunities and announcements.
- Requests to purchase equipment or some kind of limited-time opportunity.
- Emails asking for Duo authentication details–Never approve a Duo authentication request you did not initiate.
Report suspicious emails and scams
Always verify requests in emails before you act on them. Make sure to:
- Forward suspected messages to phishcatcher@northeastern.edu and read the detailed instructions on how to report phishing.
- Review the FAQ: Reporting scams and identity theft.
- Visit the Phish Bowl at Northeastern, a resource that identifies examples of reported phishing attempts.
- Contact the Office of Information Security if you’ve encountered suspicious activity related to your university accounts or technology for immediate assistance. You can also report the incident to the FTC to aid in tracking scams.