Oct 27 – NCSAM – Don’t Take The Bait!

What is a Phishing Scam?

A phishing scam is a fraudulent email message from someone impersonating a legitimate organization or individual. It’s designed to trick the recipient into downloading harmful attachments or sharing personal information with the sender. Scammers will often try to extract card payment data or, like the example below, your login information.

Recently, fraudsters have sent messages to Millersville recipients claiming that you’ve run out of email storage space or that your library account is expiring, or recruiting for fake internships. These messages are an attempt to steal your information, such as login credentials, personally identifiable information, or financial information.

This week, you may have seen the message below, which was attempting to steal personal information from users wanting to apply for an internship program. The email contained a link that led to a site harvesting user information.

Don’t Take the Bait

Legitimate companies will never ask you for sensitive data such as your password or social security number. Phishing scams will not only ask for this information, but will invoke strong emotions of fear or anxiety to convince you to hand over important information.

Todd Echterling, Campus IT Security Specialist for MU Information Technology, advises everyone to think about the email you are reading before clicking on any links it contains. An email containing a link or attachment could be a scam.

Think about what the email is trying to make you do. Scammers will often try to induce fear in you, scare you, promise you money, or try to pique your curiosity. Always ask yourself, ‘Was I expecting to receive this message? Is it from someone I know?’ If not, it is most likely from a malicious source.

MU Information Technology strives to rid our email system of as many spam/phishing emails as we possibly can. We employ Barracuda Sentinel and Microsoft Advanced Threat Protection, both of which use AI and machine learning to inspect email and compare it against numerous databases to determine whether a message is legitimate or nefarious. Most spam/phishing emails originate from accounts that have been compromised, with messages sent on behalf of the hacked user. Below is a graph of inbound messages that were allowed, blocked, or quarantined. October 26th is highlighted so you can see what was blocked in just one day.

Doing Your Part

If you receive an email that you suspect is a phishing scam, forward it to campusitsecurity@millersville.edu. We also encourage users to press the “Phish Alert” button in the Outlook menu bar. Reports from users are the best way for the security team to find out about these types of suspicious emails. If you have a question, you can also contact the Helpdesk.