Department of Information Technology

Tips for Staying Safe Online

Phishing scams are designed to trick you into revealing sensitive personal information (e.g. passwords, credit card numbers, Social Security numbers), which can then be used for fraud or identity theft. Keeping informed about these types of scams is the most effective method for deterring cyber criminals. Take proactive steps to safeguard your personal information by learning how to identify common phishing scams and how to report them.

Fraudulent Job Offers

Job offer scams begin with contact from the scammer, usually by email, inviting you to apply for or start a job. These job offers are often unsolicited, meaning you never applied or interviewed for the job. A telltale sign of this type of scam is unusually desirable working conditions, such as short hours, easy work, lots of money, and the ability to work from home. With fraudulent job offers, the cybercriminal may direct you to a URL to enter your Seton Hall credentials in an effort to access your personal information, or may request that you make a financial transaction, such as depositing a check. It's important to remember that no legitimate employer will send payment in advance and ask the employee to send a portion of it back. DO NOT provide any personal information, especially Social Security numbers or financial/banking information.

Quick Requests or Favors

Recipients usually receive a very informal email from what appears to be a known sender from the Seton Hall community, such as a coworker or peer, asking if they can do a quick favor. If the sender receives a reply, they typically explain that they need the favor because they are stuck in a meeting, and ask the recipient to buy a certain amount of gift cards. The scammer will then instruct the victim to scratch off the codes on the back and send pictures of the code numbers.

Past Due Payment Notification / Order Confirmation

There are two methods to this scam. In the first, a user may receive an invoice with an email demanding payment for services rendered or products purchased. In the second, the recipient is told that their payment is confirmed and a receipt is attached. The user is then instructed to call a provided number if they have any questions. Calls are most likely met with a very friendly person on the other end who cheerfully offers a full refund and asks the recipient for their credit card information to process it. Once the credit card information is given, the scammer hangs up and starts using the card before it can be reported as stolen.

Password or Account Expiration

In this scam, the recipient is notified that their password or account is about to expire and is directed to click a button in order to keep using it. Typically, the button links to a fake Microsoft login page used to steal the user’s login credentials.

Shared Document

An email informs the recipient they have received a shared document and includes a URL. When the user clicks, they are taken to another page to continue to the shared document. Ultimately, the user is led to a fake Microsoft login page used to steal the user’s login credentials.

Phishing Email Checklist

  1. Unverified or Unknown Sender Information 
    Scammers will often customize the sender’s display name to be familiar and general. Check the full email address of the sender to ensure that the domain name (what follows the @ symbol) matches the apparent sender.  Also, check for emails that resemble the name of a well-known company (@shu.edu), but are slightly altered by adding, omitting, or transposing letters (@shu.com).
     
  2. Spelling and Grammar Mistakes 
    Pay special attention to how an email is worded, and look for spelling, punctuation, and grammatical errors.  Poorly written emails are often a telltale sign of a phishing scam.
     
  3. Urgency and Ultimatums 
    Messages that convey a sense of urgency are designed to make you respond immediately without thinking.  Additionally, messages about contests you did not enter or offers for goods or services at an unbelievable price are likely fraudulent.

  4. Incorrect Links and Unexpected Attachments
    The URLs or hyperlinked words in a phishing email are often masked, meaning the link you see does not direct you to the address displayed. Instead, users who click are directed to a different, usually illegitimate, website.  Before you click, hover your mouse pointer over links and hyperlinks, and a small pop-up window will appear showing you the true destination of where the click will take you.   
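
The sender check from item 1 and the masked-link check from item 4 can also be done mechanically. The Python below is an added example, not part of the original page: `shu.edu` is the page's own example domain, while the function names, the one-edit lookalike threshold and the sample message are assumptions constructed for illustration. It judges the address rather than the display name, and only flags links whose visible text is itself an address.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

def osa(a, b):
    """Edit distance: one added, omitted, changed or transposed letter costs 1."""
    d = [[i + j for j in range(len(b) + 1)] for i in range(len(a) + 1)]  # inner cells get replaced
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            d[i][j] = min(d[i-1][j] + 1, d[i][j-1] + 1, d[i-1][j-1] + (a[i-1] != b[j-1]))
            if i > 1 and j > 1 and a[i-1] == b[j-2] and a[i-2] == b[j-1]:
                d[i][j] = min(d[i][j], d[i-2][j-2] + 1)
    return d[-1][-1]

def classify_sender(from_header, trusted="shu.edu"):
    """'trusted', 'lookalike' (name within one edit; assumed heuristic) or 'external'."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    if domain == trusted or domain.endswith("." + trusted):
        return "trusted"
    near = osa(domain.rpartition(".")[0], trusted.rpartition(".")[0]) <= 1
    return "lookalike" if near else "external"

class Links(HTMLParser):
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""  # (visible text, href) pairs
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self.text += data if self.href is not None else ""
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.text.strip(), self.href))
            self.href = None

def host_of(s):
    """Hostname of a URL, or of bare text shaped like one; None for ordinary words."""
    ok = re.match(r"(https?://)?[\w-]+(\.[\w-]+)+([/:?]|$)", s, re.I)
    return urlsplit(s if "://" in s else "//" + s).hostname if ok else None

def masked_links(html):
    """Links whose displayed address names a different host than the href."""
    parser = Links()
    parser.feed(html)
    return [(t, h) for t, h in parser.found if host_of(t) and host_of(t) != host_of(h)]

SAMPLE_FROM = '"IT Service Desk" <helpdesk@shu.com>'  # both samples are constructed
SAMPLE_HTML = '<a href="https://login.example.net/renew">https://www.shu.edu/password</a>'
```

Links whose visible text is ordinary words ("click here") are not flagged by this check, so hovering to see the real destination is still needed for those.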

You’ve Been Phished.  Now What? 

If you recognize that an email sent to you is a phishing email, report it!  Click the “Report Phish” button, located in the top navigation of your email account, to send the email to IT Security for investigation.  If you are unable to find the button, or it doesn’t work, open a ticket with the Technology Service Desk by forwarding the phishing email to [email protected].  

If you accidentally clicked on a link or provided any information before recognizing the phishing attempt, close the page and immediately change the passwords of any compromised accounts.  If you’ve provided credit card or banking information, contact your bank and financial institutions to make them aware of the situation.  Lastly, report the phishing attack to Information Security to receive recommendations for additional steps. 

To learn more about steps you can take to protect yourself, visit: www.shu.edu/technology/phishing-scams.cfm
