Think before you click: Three tips to avoid phishing scams

The start of a new semester is peak time for phishing scams. As scams get more sophisticated, they get harder to spot.

Phishing comes in many forms — like email, text or even documents shared through Google Drive. Scammers try to trick you into clicking links that download harmful software onto your device or send you to a fake website or Shibboleth login page to steal your personal information or sensitive university data.

Here are three important tips to help you avoid phishing scams.

1. Be Suspicious

  • Be cautious of campus job scams with subject lines like “JOB OFFER: UNDERGRADUATE RESEARCH POSITION.” If an offer seems too good to be true, it probably is.
  • Be wary of anyone asking for your contact, financial or login information. Pension review and payroll scams requesting personal information are common among university employees.
  • Always verify the email sender’s address, even if it seems familiar. Contact individuals you know in a different way to confirm their identity.

2. Take Your Time

  • Think before you click a link, open an attachment, provide your username and password, or approve a Duo Security notification.
  • Carefully examine all URLs before clicking them. Last year, scammers targeted campus with fake NC State login pages and Duo push notifications that were nearly identical to the real ones. If you think a message might be real, visit the known website directly.
  • Slow down and be vigilant of anything abnormal. Keep an eye out for generic greetings, an unusual sense of urgency, awkward wording and misspellings.

3. Ask for Help

  • Show the suspicious message to someone you trust via your device or a screenshot if you’re worried you’re being targeted by a scam.
  • When in doubt, report. Use Google’s built-in reporting feature. Open the suspicious email, click the More option (three vertical dots) at the top-right corner and select Report phishing. You can also send suspicious emails and texts to
  • For assistance, contact the NC State Help Desk via the NC State IT Service Portal or call 919.515.HELP (4357).

Learn more about phishing at NC State, and subscribe to OIT News for monthly tips to help you stay safe online.