Don’t take the bait – Watch out for phishing attempts

Imagine this…

You are sitting at your computer and an e-mail comes across your screen…

“Your account has been suspended. Please go to http://accountrecovery-neu.com to recover your account.”

You begin to panic – you have a paper due tomorrow, and you can’t submit it through Blackboard if you can’t access your account!

Before you click, STOP and THINK. Would Northeastern University ever ask you to validate your account through e-mail?

The correct answer is NO.

In the past few weeks, Northeastern University has been subject to a variety of phishing attacks. While most of us believe we would never fall for something like that, recent events have proven otherwise. The emails and websites are extremely convincing. In fact, some look just like an email you would receive from Northeastern University. A recent favorite is an phishing attempt pretending to be E-ZPass, where the email included text about its phishing policy to make it seem more legitimate.

EZpass phishing attempt

Even the most technically savvy individual could fall for a phishing email. It is important to remember that Northeastern University will never ask you for sensitive information through an email.

Below are a few additional helpful tips to aid you in avoiding phishing attacks:

Delete all e-mails and messages that ask you to provide personal information. Legitimate companies will never ask for this information via email. As an extra step, you can forward e-mails to the organization they are supposedly coming from to ensure they are aware of the phishing attempt. Bank of America even has a process for reporting these fake emails.

Be cautious when downloading files and opening attachments, regardless of who they are from. The files and attachments could be viruses designed to steal information from your computer.

Be on the lookout for generic-looking requests. Many phishing e-mails will be impersonal and use language such as “Dear Sir/Ma’am.” Banks and companies you do business with will, more often than not, send personalized emails.

Be on the lookout for poor spelling and grammar. Cyber criminals are not known for their spelling. Most organizations have staff who review any mass emails and wouldn’t allow it to go out with several mistakes. If you notice a lot of mistakes, it might be a phishing attempt.

Only provide personal or financial information through an organization’s website if you typed in the web address yourself and you see signals that the site is secure. For example, most sites that ask for personal or financial information will begin with HTTPS.

Phishing attempts could be made over the phone too. Remember to treat unsolicited calls with skepticism and to never provide personal information. Again, Northeastern University will never ask you for sensitive information through an unsolicited call. If something seems off, hang up and call the company back through an advertised number.

When in doubt, just ask. Northeastern University has a variety of areas you can reach out to for help. The ITS Service Desk is available 24/7 and can be reached by either e-mail at help@neu.edu or by phone at 617.373.4357 (xHELP).