Phishing: Do not take the bait
Phishing: The attempt to acquire sensitive information such as usernames, passwords, and credit card details, often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.
If you suspect phishing, report it to the GVSU IT Service Desk by sending an attachment of the suspected email to [email protected]. We need to know about malicious emails to stop them from spreading; Think B4U Click!
The Red Flags of Phishing
1. Too Good To Be True
Lucrative offers and eye-catching or attention-grabbing statements are designed to attract people’s attention immediately. For instance, many claim that you have won an iPhone, a lottery, or some other lavish prize. Just don't click on any suspicious emails. Remember that if it seems to good to be true, it probably is!
2. Sense of Urgency
A favorite tactic amongst cybercriminals is to ask you to act fast because the super deals are only for a limited time. Some of them will even tell you that you have only a few minutes to respond. When you come across these kinds of emails, it's best to just ignore them. Sometimes they will tell you that your account will be suspended unless you update your personal details immediately. Most reliable organizations give ample time before they terminate an account and they never ask patrons to update personal details over the Internet. When in doubt, visit the source directly rather than clicking a link in an email.
A link may not be all it appears to be. Hovering over a link shows you the actual URL where you will be directed upon clicking on it. It could be completely different or it could be a popular website with a misspelling — like www.bankofarnerica.com (the 'm' is actually an 'r' and an 'n') — so look carefully.
If you see an attachment in an email you weren't expecting or that doesn't make sense, don't open it! They often contain payloads like ransomware or other viruses. The only file type that is always safe to click on is a .txt file.
5. Unusual Sender
Whether it looks like it's from someone you don't know or someone you do know, if anything seems out of the ordinary, unexpected, out of character, or just suspicious in general, don't click on it!
Common Phishing Emails
Student Employment Scams
These scams are usually sent from Gmail Accounts claiming to be with different organizations. In the past we've seen impersonations of Handshake, Cisco and UNICEF. These messages claim to offer weekly pay for limited hours, and ask for several pieces of personal information.
Victims of this scam are later asked to purchase several gift cards (sometimes to the tune of $2000) and send the codes on the back to the scammers.
Invoice and Fax Phishing
These scams target faculty and staff members, attaching an htm or html file that claims to be an invoice or fax message for the recipient. These files then bring you to a fake login screen (Usually impersonating Microsoft) designed to steal your credentials.
If you ever realize you've fallen for one of these scams, reset your password as soon as possible.
Password Retention Phishing
These scams attempt to create a sense of urgency by claiming that your password is set to expire soon, and offer a link where they claim you can retain your current password.
These links often go to places like Google Forms or similar survey services, or sometimes fake login screens, where they then collect the credentials that you've entered.
GVSU, as well as any organization with the security of its users in mind, will never allow you to retain an expiring password.
"Available Cell Number" Gift Card Scam
These messages target Faculty and Staff by impersonating senior positions at GVSU (dean, provost, director, etc) while sending from a Gmail account, usually with some misspelling of Executive Director in the address. They claim to have a favor to ask over text message, and ask you to send your mobile phone number. Once you've sent your phone number, the scammers attempt to get their victim to buy several gift cards, and send the codes on the back.
Identity Theft Tips
Visit the USA.gov site to learn how to protect yourself from identity theft or report an identity theft. Please inform your local employment agency of Tax ID theft. Visit the Federal Trade Commission to learn of ways to reduce your risk of identity theft.