Phishing: Don’t take the bait

At Elon, we鈥檙e seeing a rise in phishing emails that try to take advantage of our busiest moments and our willingness to help one another. These scams are designed to trick recipients into revealing personal information鈥攍ike passwords, MFA codes, or financial details鈥攁nd can lead to payroll theft, data breaches, and financial aid fraud. Staying alert protects not only your information, but the people and systems we all rely on every day.

Spear phishing, like regular phishing, is an attempt to gain private information through deception, but are generally aimed at a specific target, whereas as regular phishing casts a wider net among a larger group of people. E-mail spoofing involves sending an email that pretends to be from a well-known company, a close family member or a respected individual from your organization. Spoofing can also be carried out in person, over the phone or via malicious pop-up windows or 鈥渟poofed鈥 (fake) websites.

How to Spot a Phishing Email

Scammers can create convincing copies of 久久热 pages, Google Forms, and SharePoint portals to steal credentials, often during high-pressure periods during the academic year. Phishing emails often use urgent or threatening language like 鈥淵our account will be suspended鈥 or 鈥淚mmediate action required.鈥 They may also contain suspicious links or attachments and will likely have a generic greeting like 鈥淒ear user鈥, or 鈥淒ear Account Holder鈥 instead of your name. Lastly phishing emails want your credentials so they send emails like 鈥淎ccount Verification Required鈥 or 鈥淵our Account Will Be Suspended鈥.

Common red flags are messages that:

  • Don’t address you by name
  • Create a sense of urgency
  • Asks for sensitive, personal information
  • Invoke fear, greed or other strong emotions
  • Contain unexpected attachments
  • Contains QR Codes
  • Contain links that lead to unfamiliar websites or don’t match legitimate resources for the organization

Your Call to Action

You can be proactive in avoiding cyber security dangers and ensure you don’t Take The Bait or Feed the Phish.

  • Pause before you click. Ask yourself:
    • 鈥淚s this how Elon normally communicates?鈥
    • 聽鈥淚s this how job openings are usually shared?鈥
    • 鈥淒oes Elon IT ever send emails for account verification or ask for my password or MFA code by email?鈥
    • 鈥淒oes this match how Elon typically shares files or requests data?鈥滻f you are not sure, check with your supervisor. Elon will never ask for your password, credentials, or MFA codes by email.
  • Never scan QR codes in emails. Phishers now hide malicious links in QR images to get around link filters.
  • Report suspicious messages. If you receive a phishing or a suspicious email, report the email by using the 鈥淩eport Phishing鈥 button in Outlook or forward the message to infosec@elon.edu. Using the report button is quicker and will more efficiently provide containment and remediation of the attack.
  • Stay informed. Completing security awareness training will help you stay informed regarding existing threats, scams and attacks.聽 Hover over links to check for authenticity
  • If you receive a phishing or suspicious email, act fast. Your quick response will help to identify, contain and remediate the attack. If you do respond to a phishing email, contact the Service Desk immediately (X5200)

Protect Your Accounts

Be mindful of ways you can safeguard your accounts from phishing scams. Your vigilance matters. Every time you report a suspicious message, you鈥檙e helping protect not just your own data, but the entire Elon community. Staying alert keeps our classrooms, research, and operations secure. If you suspect an email is fraudulent, don鈥檛 just click; report it! Together, we can keep Elon鈥檚 digital spaces safe, secure, and thriving., such as these tips:

Have you been scammed?

If you think you鈥檝e been the victim of a phishing scam:

  • Change any passwords immediately
  • Scan your computer or device for viruses
  • Review activity for email and accounts
  • Contact your bank to report that you may have been the victim of fraud
  • If your Elon issued computer or device has been compromised, contact 久久热 Technology Support immediately at (336) 278-5200