Phishing & Suspicious Email

What is Phishing?

Phishing is an online attempt to gain sensitive information (login info, credit card details, money, etc.) by pretending to be a trustworthy entity. Criminals can use phishing, spam and other malicious email to gain access to your personal and financial information, as well as sensitive college information or systems. 

There are many types of phishing scams. Some of the most common are:

  • Spear Phishing -- Attacks directed at specific individuals or companies.  Attackers gather personal or corporate information about the intended target and then tailor their phishing attempt based on their research.  Examples of research include correctly naming the target's supervisor & coworkers or position within the company.

  • Whaling -- A phishing attempt targeted specifically at company executives.  The content will be tailored to the target's executive role in the company and will often take the form of fake legal subpoenas, customer complaints or financial matters. 

  • Link Manipulation/Website Forgery -- A phishing attempt where in a link in an email appears to take the target to a legitimate site (Dropbox, a bank, governments sites) but actually takes the target to the attacker's site.  The attacker's site will be cleverly designed to look like the legitimate site it's pretending to be. Once at the site the target will be prompted to provide personal information.

  • Social Engineering -- Users can be convinced to click on various links for a variety of social reasons.  Examples include the link appearing to from a well-known source, the link appearing in an email purportedly from the target's supervisor, or the link makes an outrageous claim (fake news) which will entice the target to click.

Learn to Spot Phishes

There are tell-tale signs of many phishing attempts.  They include:

  • The message appears to be from a legitimate person but upon closer examination the email address is very different from what you'd expect.  The act of disguising a suspicious email address as a legitimate one is called "spoofing"
  • The message contains a mismatched URL. A link in the email may look like it's taking you to one site (Facebook, Dropbox, etc...) but when you hover your mouse over the link it shows that it takes you to someplace else
  • The message contains poor spelling and grammatical mistakes
  • The message ask you to provide personal information
  • The message comes out of the blue.  For instance you receive an email saying you won the lottery but you don't play the lottery
  • The message asks you to send money
  • The messages is threatening.  A bank threatening to close your account or a government agency threatening legal action
  • The message comes from your friend but you weren't expecting it and it's about a topic you've never discussed
  • The message contains an attachment with a strange extension.  Word documents use .doc, Excel spreadsheets .xls.  Be wary of .zip files.
  • The message is offering something too good to be true
  • The message just doesn't look right

Click Here to view examples of phishing

If You Suspect a Phish
  • Please dial the help desk at 978-762-4167  (x4167 if on campus)
  • Email the Help Desk at

If You Get Caught

If you gave personal information in response to a phishing email or on a suspicious web page, your account may be compromised.

  •     Change your password for any account that uses that password (not just NSCC accounts.)
  •     Contact the Help Desk at or 978-762-4167