What does a phishing email look like?
Phishing emails can take various forms and the scammers are always evolving their methods. However, below are some examples of common phishing schemes.
What does it look like?
What is it trying to do?
The scammer pretends to be your boss or a VP or other high-ranking individual.
The first email may not include any links or attachments. It will just say “I need a favor” or “are you at your desk?”
It will likely include a statement about the sender being unavailable, such as “I’m in a very important meeting” or “I’m about to board a plane.”
You are more likely to respond quickly and without much scrutiny to a name you know of a person in a position of authority.
They are trying to engage you. After a reply or two, they will ask you to perform an action for them: buy gift cards, initiate a wire transfer, or forward sensitive documents (W-2s, health records, etc).
They want to discourage you from double checking the request via phone call.
Business Email Compromise (BEC)
Likely will appear to come from an acquaintance or non-Geneseo colleague.
Often has a subject like “____ would like to share a document with you.”
May look like a legitimate OneDrive, DropBox, or Google Drive email or may have a pdf attachment.
You are more likely to trust an email from a familiar name.
The sender may be someone you have exchanged documents with in the past and the scammer is trying to exploit that relationship.
The shared document or pdf will usually contain a link to a web site requesting you to log in to view the document. This web site is designed to steal your password.
The scammer will pretend to represent CIT, Google, or Microsoft Support.
They will use words like “urgent,” “alert,” or “compromise” to get your attention.
It will likely make reference to your email account or voice mail box.
You are less likely to question technology-focused requests coming from IT support.
They want you to panic and act quickly. They want you to comply with their request without taking the time to double-check the email.
They will say that your mailbox is almost full or your password was in a recent data leak or you need an upgrade. They make statements that are often difficult to verify without help from IT.
How do I determine if an email is suspicious?
If you are uncertain about an email, trust your gut and double-check it:
- View the email within Gmail. If you use a mail client (e.g. Outlook, Thunderbird, etc.) log into your email directly by going to gmail.com in a web browser, such as Chrome. Google may apply warnings or other messages about an email that are not visible in a mail client.
- If the email appears to be from someone you know, check with that person via an alternate communication method. Call or text them using a phone number you know to be associated with them. (If the email turns out to be fraudulent any phone number listed in the email signature could also be fake).
- Check with a colleague or friend. Do they also find it suspicious? This could be especially helpful if the colleague also knows the sender. Do they know what the email is about? Do they think it sounds like something that the sender would write?
How do I report an email?
Use the options within Gmail to report spam and phishing. Click the 3 dots next to the reply arrow.
Should I use “report spam” or “report phishing?”
Use report spam, if the email is:
Use report phishing, if the email is:
- Impersonating a college official
- Referencing an unexpected shared document
- Wanting you to click a link to verify your account
- Using urgent language to prompt you to open an attachment or click a link
I think I made a mistake! What do I do?
If you clicked on a phishing email before realizing it was dangerous, don’t panic!
In 99% of cases, simply opening an email will not cause any harm. The threat comes from interacting with the email: clicking links, opening attachments, replying, etc. Contact the help desk as soon as you realize there may be a threat.
You may feel embarrassed. You may feel like you should delete any emails or files to “undo” the actions, but please do not! The emails and/or files may be needed during the follow-up.
Quickly reporting the issue and being honest about the actions you took is the best way to ensure the threat is properly handled.