Have you ever received an email that seemed to be from a trusted source but was fraudulent? Cybercriminals have ever-evolving tactics to trick you into divulging your personal data for nefarious acts — a crime known as social engineering.
The campus community is targeted by such attacks every day. Carefully scrutinize every aspect of every email you receive and look out for the following red flags:
- Unknown sender
- Apparently reputable address but with wrong domain; e.g., firstname.lastname@example.org
- Suspicious or misspelled domain
Day or time outside normal business hours; e.g., Sunday, 3:31 a.m.
- Vague or suspicious
- Unrelated to message content
- Replies to an action you did not initiate
- Invokes urgency or fear
- Requests that you click on a link or open an attachment
- Requests your sensitive information; e.g., Unity ID or password
- Urges prompt action to avoid dire consequences
- Contains misspellings or poor syntax
- Unexpected but from known sender
- Unrelated to message
- Suspicious file; e.g., executable file, pdf
- Actual link address differs from that shown in message.
To see the actual address, hover your mouse over link (or hold a long tap on the link while viewing on a mobile device).
- Content is only hyperlinks.
- Misspelled hyperlink for a reputable site
Note: This information was adapted from KnowBe4 Social Engineering Red Flags.