Look out for phishing lures

Be on the lookout for phishers as they continue to lure the NC State campus community with deceptive emails and other electronic messages! 

What is phishing?
Phishing is a cyber attack known as “social engineering,” where cybercriminals trick you into releasing sensitive information such as your login credentials and credit card numbers. These cybercriminals, aka “phishers,” cleverly craft email messages, instant messages and text messages to mimic the people you know and trust, thereby luring you into a false sense of security.  

Know a phishing lure when you see one
In recent on-campus scams, phishers sent targeted email purportedly from a university supervisor or colleague requesting gift cards. Students and employees are also targeted with lures of job openings and alerts regarding citizenship status and student loans — often demanding urgent responses for passport information, login credentials, social security numbers, and account numbers.

To stay safe from cyber lures, learn and master these security practices:

  • Don’t click just yet
    When in doubt, don’t click any links or open any attachments. Instead, contact the sender using your known and trusted methods and then ask if they sent the message in question. Also, if you have concerns or questions about suspicious messages you’ve received, search the Knowledge Base in the NC State IT Service Portal or call 919.515.4357 (HELP).
  • Hover and think
    Hover your cursor over a suspicious link to see what the real link address is you’ll see it displayed at the bottom left of your browser window.
  • Scrutinize the sender’s email address
    Before clicking a link, opening an attachment or replying to a message, be absolutely certain you recognize the sender’s email address and that every part of it is correct. For example, don’t fall prey to an email from unityID-ncsu@my.com when you know it should be from unityID@ncsu.edu. Hint: See who the real sender is by clicking the down arrow under the sender’s name (to the right of the “to me” text).
  • Beware of phishy emails
    In some cases, phishing emails may be vague or sound “funny” while sometimes containing errors in spelling and grammar. Such emails often threaten you with punitive actions unless you provide sensitive data immediately.
  • Never share sensitive data
    No matter how “official” an email appears, legitimate organizations never ask for sensitive personal information such as passwords or account numbers via email or phone. 
  • Never forward a “loaded” phishing email
    While you may want to warn your friends and co-workers about a phishing attack, don’t forward phishing emails. Instead, send a summary of the phishing email content and subject line. You can mention the links or take a screenshot of the original email, but never copy in the link addresses or attachments. Share this advice with others.
  • Use Gmail and report suspicious activity
    Whenever possible, view all university emails using Google email (Gmail mobile or mail.google.com). Google Mail flags potentially phishy messages with warnings. Also, check your Gmail account activity for any unusual or unauthorized actions. To report phishing:

    • In your Google email, select Report phishing from the drop-down menu in the upper right corner of your message. See Avoid and report phishing emails.
    • You can also send new phishing emails to phishing@ncsu.edu. Make sure you include the full email headers.
  • Keep up with phishing trends and tactics
    Pay attention to articles and alerts concerning current phishing scams, especially during certain times of the year such as tax season. See IRS Tax Scams / Consumer Alerts. For news about threats to the campus community, check the Cybersecurity in the News section of Cybersecurity at NC State for ongoing updates.
  • Use the right antivirus software
    Viruses are only one type of malware, so use an NC State-recommended antivirus solution to protect your devices from worms, spyware and adware.  
  • Turn on 2FA
    Consider using two-factor Authentication (2FA) for your personally owned accounts, including your personal email, banking and social media accounts. You can find out more about other sites and services that offer 2FA at Two Factor Auth (2FA).

For additional information on phishing and computer safety, refer to the following resources: