Have you ever received an email that seemed to be from a trusted source but was fraudulent? Cybercriminals have ever-evolving tactics to trick you into divulging your personal data for nefarious acts — a crime known as social engineering.
The campus community is targeted by such attacks every day. Carefully scrutinize every aspect of every email you receive and look out for the following red flags:
From
- Unknown sender
Click on image to enlarge. - Apparently reputable address but with wrong domain; e.g., deanncsuedu@gmail.com
- Suspicious or misspelled domain
To
Unrecognized recipients
Date
Day or time outside normal business hours; e.g., Sunday, 3:31 a.m.
Subject
- Vague or suspicious
- Unrelated to message content
- Replies to an action you did not initiate
- Invokes urgency or fear
Click on image to enlarge.
Content
- Requests that you click on a link or open an attachment
- Requests your sensitive information; e.g., Unity ID or password
- Urges prompt action to avoid dire consequences
- Contains misspellings or poor syntax
Attachments
- Unexpected but from known sender
- Unrelated to message
- Suspicious file; e.g., executable file, pdf
Hyperlinks
- Actual link address differs from that shown in message.
To see the actual address, hover your mouse over link (or hold a long tap on the link while viewing on a mobile device). - Content is only hyperlinks.
- Misspelled hyperlink for a reputable site
Note: This information was adapted from KnowBe4 Social Engineering Red Flags.