Watch out for phishing emails

As the spring semester starts, NC State email accounts are being targeted with advanced phishing attacks. An average of four phishing attacks per day were reported in 2017. Some recent attacks include the tax payment, tech support and the Gmail update phishing scams.

Phishing often comes in the form of emails designed to fool you into releasing sensitive data, such as passwords, account or social security numbers, birth dates, and other identifying information. Phishers have become adept at making emails appear to come from trusted institutions, such as banks, retail stores, package delivery services, or even from friends, family and co-workers.

Phishing emails may contain links to harmful URLs or attachments that will download hacking programs or other malicious malware onto your devices. Or a link may take you to an online form that requires you to provide sensitive data, under the premise of unlocking or verifying an account or to claim a prize. Once you click on a link or open an attachment in a phishing email, you have taken the bait.

To protect yourself and your data, follow these recommendations:

  • Know your senders
    Phishing emails can look like they come from trusted sources. Before clicking on links or opening attachments, ensure you recognize the sender’s email address. When in doubt, don’t click on links or open attachments.
  • Beware of phishy emails
    Phishing emails may be vague or sound “funny” and often contain multiple spelling or grammar errors. If you receive such an email, contact the sender by phone for verification. Do not reply to the sender by email, as you may be communicating with someone who has hacked the sender’s account.
  • Don’t forward phishing information to others, especially the active bad links
    You may want to warn your friends, co-workers or end users of a phishing attack by forwarding them a phishing email. With some attacks, you can get your account phished just by clicking on the email link that directs you to a fraudulent website or form.
  • Instead, send a summary of the phishing email text and subject line
    You can mention the links or take a screenshot of the original email, but do not include the real one. Never forward a “loaded” phishing email, and tell others not to do so.
  • Don’t share sensitive data
    No matter how “official” an email appears, legitimate companies and organizations will never ask for personal information, such as passwords and account numbers via email. Such phishing emails often contain urgent messages, requesting that you provide sensitive data to avoid an action being taken against you.
  • Recognize phishing in all its forms
    Phishing attacks aren’t limited to just email. They may also come in the form of instant messages or text messages (aka smishing) or even phone calls (aka vishing). Follow the same precautions you would for email when receiving links, attachments or requests for personal information by any of these methods.
  • Ensure your antivirus software scans for malware
    Viruses are only one type of malware, so confirm that your antivirus is also protecting your devices against other malware, such as worms, spyware, nagware, trojans, adware, and a host of malicious codes.  
  • Keep up with phishing trends and tactics
    Pay attention to articles and alerts concerning current phishing scams, especially during certain times of the year, such as the tax season. See IRS Tax Scams / Consumer Alerts.
  • Report suspicious activity

As always, contact the NC State Help Desk at help@ncsu.edu or 919.515.4357 (HELP) with any concerns or questions about suspicious emails, even before you click on any links.

For additional information on phishing and computer safety tips, refer to the following resources: