What is phishing?

Phishing refers to emails from online criminals designed to trick the recipient into sharing personal information such as username and password, birth date, mother’s maiden name, social security numbers, credit card and bank account information. Originally phishing emails were generic in nature as seen with the well known “Nigerian Prince” and “Fed-Ex delivery” attachment scams. As users have become more aware and guarded phishing emails have become more direct and targeted. These new phishing emails are using specifically related information to tailored to the victim.

Users are now seeing phishing emails:

  • that appear to be from the CFO of a company sent to a subordinate asking to wire money overseas. (Theft & wire-fraud)
  • that appear to be from a company IT department sent to employees asking them to open an email attachment. (Malware)
  • that appear to be from an online business asking the user to confirm their credentials and banking information. (Stolen passwords & identity theft)
  • that appear to be from your company, organization, or school asking to confirm your username and password. (Data theft & unauthorized access)

If you receive an unsolicited message that feels wrong or appears strange:

  • Don’t reply and don’t click on links or call phone numbers provided in the message
  • If you’re concerned the message is legit, search for the company’s real contact information on your own and reach out to them yourself
  • Don’t open attachments or download files from unexpected emails; they may have viruses that can harm your computer or phone.
  • Personally confirm over the phone with the sender all financial transactions requested by email.
  • Delete phishing emails from your inbox.

Please Note:
Northeastern University will NEVER ask you to confirm your username and password in an email.

Contact the Service Desk (617-373-4357) or the Office of Information Security at phishcatcher@neu.edu for assistance with any suspicious email you receive.

More Information:

On Guard Online.GOV: Phishing