As incidents of email phishing increase, we can all play an important role to prevent malicious attempts. Learn to recognize and report suspicious or malicious emails, text message, or phone calls with these best practices. Together we can help protect the security of your personal accounts as well as confidential college data.
PHISHING ALERTS 11/16-11/20
There have been many reports of voicemails left on Davidson office phones asking users to return the call. Once contact is made, users are told that their identity has been stolen and personal information is needed to verify the incident.
These types of phone scams are a common way to get users to reveal confidential information. As a reminder, never provide any personally identifiable information over the phone. If you receive a call or voicemail asking for personal information, please hang up or disregard it.
Cloud-Based Malicious Links
To better inform the Davidson Community of the ever-changing landscape of cybersecurity and phishing emails, we wanted to alert the campus phishing emails that use O365, Google Drive, or Dropbox as the launch point.
T&I has identified multiple phishing emails using these methods in an attempt to persuade users to click on malicious links. An example is the phishing attack below, where a bad actor sends unsuspecting users an email. When the user clicks the link they will be taken to a Google doc that contains a link to a fake office 365 login page.
Some hallmarks of this phishing email are:
- Check both the name and email address of the sender.
- Google identifies the sending email address in the request.
- Check with the sender to verify the email is authentic
- Check for warning messages at the bottom of the email.
If you notice these hallmarks or the name associated did not send the email STOP and REPORT the email to us by forwarding it to firstname.lastname@example.org
Never Provide Personal Information
Never provide personally identifiable information, such as passwords, credit card account numbers, social security numbers, usernames, banking account information, or any other confidential information through email.
Be aware and take the time to recognize phishing emails
Messages with suspicious, misspelled or contain grammatical errors, or that reference generic departments like "support" may be scam emails. Pay attention to generic or unusual greetings email signatures, especially those attempting to pose as one of your known contacts.
Never reply to unsolicited emails, text messages or phone call
Messages that ask for personal information including account name, passwords, social security numbers, or credit card information should not be trusted. Davidson College will never ask you for this information over email or text messaging.
Never purchase gift cards on request from an unsolicited email, text message or phone call
Messages that ask you to purchase gift cards should not be trusted. Davidson College will never ask you for this information over email or text messaging.
Do not click links or open attachments
If you suspect or are uncertain about an email that contains links or one or more attachments, forward the email to T&I and our security team will take a closer look.
Keep your software up to date
Keep your devices updated and use antivirus software.
Report it If you are unsure or have concerns about the legitimacy of an email, forward it to email@example.com.
Review the Social Engineering Red Flags document which details email components and things to look for in a phishing attempt.