Don’t get caught in a phishing net – learn how to spot email scams

An urgent message from an international banker comes up in your inbox. What do you do? Most of us don’t even think twice, we just delete it.

You get an important notice from Northeastern about your benefits or your classes. What do you do? Most of us don’t think once or twice, we just open it.

Scammers are counting on this when they use new, targeted attacks. Northeastern students, faculty and staff have been specific targets for email scams intended to steal your money, your financial and personal information, or hold your data hostage through ransomware Trojan attachments. These emails are not random, but rather targeted because you are a member of the Northeastern community.

These “spear phishing” attacks are not generic. They invite you to click with subject lines and messages about topics you care about – information about your HR benefits, recommendations for courses that will help you get a job – in emails that have logos and other elements that make them appear as if they are officially from Northeastern. Then, if you are tempted enough to click on any of the links, the scammers may have set up sites that are almost like a Northeastern site, but not quite.

This type of targeted phishing email is a lot more work for the scammers; however, they are not going to stop, because these types of attacks are successful. So how do you not get caught by a phishing email?

The tips below highlight a range of issues to keep an eye on as you scan through everything in your inbox. They aren’t foolproof, but raising your awareness across the board is the most effective way to up your chances.

Bottom line – What will NEVER be in an email from Northeastern

There are two things that should immediately set off alarms in your head:

Northeastern will NEVER ask you to 1) validate an account, or 2) send sensitive information through email.

If you see either of those requests in an email, do not click on anything. Forward the email to If you have questions, contact the Office of Information Security (

What to look for in an email

Even if you don’t see those requests, there are several other red flags that could let you know that the email is not from Northeastern. Below is an example of an email that some students received.

Annotated screenshot of spear phishing email

  1. Be aware of unusual senders – Fight the tendency to skim over this and pay attention to the “From” email. Even if it looks like it comes from an address, ask yourself whether that is how an area of Northeastern would represent itself.
  2. Check the links – Don’t just click links in an email, look for the text of the URL behind them for “” or “” On a computer, you can see this by hovering your mouse over the link text, as you see above. On a phone, long-press the link text to bring up the URL along with the options. For anything that is not a Northeastern site, carefully examine it. External Northeastern partner sites – such as – are rare, and will require the extra step of having you sign in with your myNEU username and password.
  3. Read what’s written – For all the work that goes into these emails, the language used in them often is not the best, and you don’t have to be an English professor to catch that. Missing words, wrong words, bad capitalization, and poorly worded sentences are all things to look out for in the text. However, with technological advances, criminals may now be using services that translate spear phishing emails into correct English or the language of their targets. Language use may not be a reliable indicator by itself.
  4. Look for ways to verify the email – Names of individuals or programs in the text can be used in a search to confirm that the email comes from a Northeastern source. If there isn’t anything like that in the email, that’s a big sign that it’s not real. If there is a name, though, don’t hesitate to look up and contact that member of the Northeastern faculty or staff to check.
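
The hover check in tip 2 can also be run automatically over the HTML body of a message. The Python sketch below is an added example, not Northeastern's own guidance or tooling; the trusted domain `university.example`, the brand token and the sample links are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ("university.example",)  # assumption: placeholder for the official domain
BRAND = "university"               # assumption: name a lookalike host would borrow
URLISH = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False   # links holds [href, visible text]
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        if tag == "a":
            self._open = False

def host_of(url):
    url = url if "://" in url else "//" + url  # treat a bare domain as a host
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def check_links(html):
    """Return (host, reasons) for each link a reader should not trust."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host, text, reasons = host_of(href), text.strip(), []
        # Trusted means the domain itself or a true subdomain, not a substring.
        if not any(host == d or host.endswith("." + d) for d in TRUSTED):
            reasons.append("external host")
            if BRAND in host:
                reasons.append("borrows the trusted name")
        # Link text that reads like a URL must point where it says it does.
        if URLISH.match(text) and host_of(text) != host:
            reasons.append("visible text shows a different host")
        if reasons:
            findings.append((host, reasons))
    return findings

# Constructed sample links (not taken from a real email).
SAMPLE = ('<a href="https://my.university.example/benefits">Benefits portal</a>'
          '<a href="http://university-courses.example/register">Register Now</a>'
          '<a href="http://login.attacker.example/u">https://my.university.example/login</a>'
          '<a href="https://university.example.attacker.example/">my account</a>')
```

Calling `check_links(SAMPLE)` flags the last three links and leaves the first, which points at a true subdomain of the trusted domain, alone.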

What to look for on a click-through site

If you do click on a link in a phishing email, the sites that link leads you to will also have warning signs.

  1. Northeastern offers links to external services – There are a number of online services available through third parties, but if there is one that Northeastern suggests that you use in an email, it will be through the myNEU portal or another channel that is easily recognizable as official.
  2. Can you tell where you are? – All Northeastern sites are good at identifying where they fit in the university community. If you can’t tell, don’t click.
  3. There should be contact information – All reputable sites have a way for you to contact the site owners. Look at what’s there, and don’t be afraid to reach out to verify what you’re seeing.

What to do if you’re not sure

If none of the checks above have made you less suspicious about whether an email or a site is legitimate, send a copy of the phishing email to If you have questions, contact the Office of Information Security at They are there to help you.

What to do if you took the bait

If you suspect that you responded to a phishing email with your myNEU username and password, or any other Northeastern information, contact the ITS Service Desk at 617.373.4357 (xHELP) or immediately.

If you responded to a phishing email and entered any financial information for a payment, contact your bank, and the issuing credit card company, PayPal, or other payment system.

Above all, do not be afraid to admit that you fell for the scam in a phishing email. No matter how savvy you are, these attacks are getting more sophisticated.

ALERT: Phishing Email And Website –

Northeastern is currently the specific target of a scam designed to steal money and financial information from members of our community. These criminals are using a process known as “spear phishing” – a highly targeted form of phishing that specifically focuses on a particular individual or group, with the aim of gaining access to your personal and financial information. Please read on to learn more about what to look for, and what actions to take if you are targeted.

Recently, Northeastern students, faculty and staff received emails appearing to be from the address neucourses[at] These emails have a variety of subject lines intended to draw people in, including “Internships and Jobs for NEU students !” and “Important Notice for Northeastern University students.” At a quick glance, the email looks like a new student service offered to assist with the interview process. Links in the email bring the reader to an authentic looking, but fake, site: neu-courses[dot]com.

Spearphishing email - June 2015
Screenshot of the spear phishing email sent to Northeastern students, faculty and staff.

The spoof site features the Northeastern logo, university web design elements and even the Empower campaign button. Fake classes are displayed with a Register Now button. This scam is designed specifically to steal money from those who input their information to the linked PayPal checkout.

Spearphishing website - June 2015
Screenshot of the spear phishing website in question

Look Out For Red Flags

  • Phishing emails and websites can be made to look like legitimate communications from Northeastern, including university logos; however, the text is typically written in poor English, including bad grammar and typos.
  • Hover over links in the email to check whether they are legitimate. If any one does not look like it leads to an official Northeastern website, do not click on the link.
  • If you are unsure whether an email is legitimate, please contact either the ITS Service Desk ( at 617.373.4357 (xHELP) or the Office of Information Security (

What should I do if I receive a phishing email?

If you receive a phishing email, do not click on any links or open attachments. Delete the email.

What if I accidentally respond to a phishing email?

If you responded to a phishing email with your myNEU username and password, please contact the ITS Service Desk at 617.373.4357 (xHELP) or immediately. If you have responded to a different phishing email with your financial or credit card information, please contact the issuing bank or credit company for assistance.

Questions or concerns? Please contact the ITS Service Desk at 617.373.4357 (xHELP) or

Don’t take the bait – Watch out for phishing attempts

Imagine this…

You are sitting at your computer and an e-mail comes across your screen…

“Your account has been suspended. Please go to to recover your account.”

You begin to panic – you have a paper due tomorrow, and you can’t submit it through Blackboard if you can’t access your account!

Before you click, STOP and THINK. Would Northeastern University ever ask you to validate your account through e-mail?

The correct answer is NO.

In the past few weeks, Northeastern University has been subject to a variety of phishing attacks. While most of us believe we would never fall for something like that, recent events have proven otherwise. The emails and websites are extremely convincing. In fact, some look just like an email you would receive from Northeastern University. A recent favorite is a phishing attempt pretending to be E-ZPass, where the email included text about its phishing policy to make it seem more legitimate.

EZpass phishing attempt

Even the most technically savvy individual could fall for a phishing email. It is important to remember that Northeastern University will never ask you for sensitive information through an email.

Below are a few additional helpful tips to aid you in avoiding phishing attacks:

Delete all e-mails and messages that ask you to provide personal information. Legitimate companies will never ask for this information via email. As an extra step, you can forward e-mails to the organization they are supposedly coming from to ensure they are aware of the phishing attempt. Bank of America even has a process for reporting these fake emails.

Be cautious when downloading files and opening attachments, regardless of who they are from. The files and attachments could be viruses designed to steal information from your computer.

Be on the lookout for generic-looking requests. Many phishing e-mails will be impersonal and use language such as “Dear Sir/Ma’am.” Banks and companies you do business with will, more often than not, send personalized emails.

Be on the lookout for poor spelling and grammar. Cyber criminals are not known for their spelling. Most organizations have staff who review any mass emails and wouldn’t allow them to go out with several mistakes. If you notice a lot of mistakes, it might be a phishing attempt.

Only provide personal or financial information through an organization’s website if you typed in the web address yourself and you see signals that the site is secure. For example, the web address of most sites that ask for personal or financial information will begin with HTTPS.

Phishing attempts could be made over the phone too. Remember to treat unsolicited calls with skepticism and to never provide personal information. Again, Northeastern University will never ask you for sensitive information through an unsolicited call. If something seems off, hang up and call the company back through an advertised number.

When in doubt, just ask. Northeastern University has a variety of areas you can reach out to for help. The ITS Service Desk is available 24/7 and can be reached by either e-mail at or by phone at 617.373.4357 (xHELP).