Week TWO: HOW TO SPOT A PHISH

Quick Review: Phishing is a cybercrime that relies on deception to influence people into performing an action that compromises personal information or digital security.

In this five minute session, learn some of the more common phishing hallmarks, what to look out for when reviewing an email, and what to do if you suspect an email is malicious. Miss last week?
Review Week 1.

REVIEW SOME PHISHING HALLMARKS

Unfamiliar email address

Check the full email address of the sender. Is the domain name one that you recognize as legitimate, or is it attempting to spoof a real account? Check that the email address matches the name of the sender.

Screenshot of a phishing email from a user with a suspicious-looking email address.

Immediate action needed!

Be suspicious of emails requiring immediate action. Often, phishing emails urge you to take immediate action to keep you from thinking it over too much. Be on the lookout for emails with subject lines such as “Immediate Action Required” or “Suspicious Activity Discovered on Your Account.” 


Screenshot of a phishing email asking someone to provide their text number, and complete an urgent task for them.

Request for, or changes to, sensitive information

No Davidson employee, legitimate company, or bank should ask you to send confidential data over email. Attackers can use compromised email accounts to send phishing emails to people within their network.

Be suspicious if an email asks for a username, password, account number, or other sensitive information. If in doubt, open up a new tab in your web browser, and navigate to the website yourself.

Screenshot of a phishing email asking to change direct deposit information for their account.

Suspicious links or attachments

Before clicking on a link, locate the source URL, usually by hovering over it. Make sure that it looks like an address that makes sense given the content.

Davidson uses SafeLinks, which rewrites all email links to help protect you from accessing potentially malicious sites. You can see the original URL within the rewritten link to check for potential threats. 



Beware of attachments. Never open an attachment if you’re not sure the email is legitimate or if you weren’t expecting that file.

Screenshot of a phishing email with a fake notice to change an office 365 login.

Notices to Keep You Safe

You'll notice different email tags and warning notices on emails in your Davidson inbox. These are designed to help you identify content you'll want to take extra caution with.

External email warnings

These warnings are automatically applied by Davidson T&I to all emails that originate outside of Davidson College. Some trusted emails from service providers are exempted from this notice.

Screenshot of an external email notice warning that reads: This email originated form outside Davidson College. Use caution especially with links and attachments.

Impersonation warnings

These notices appear when you receive an email from an address that is close to, but not the same, as emails you've received before.

Screenshot of an impersonation warning that reads ....appears similar to someone who previously sent you email, but may not be that person.

Google external warnings

Google will let you know when you've received a shared a Google Drive document from outside your organization. Make sure that you were expecting this document share, or contact the purported sender separately to double-check before you click on the link.

Screenshot from a shared Google doc email that says that the sender is from outside of your organization.

Test Your Knowledge

Can you spot when you're being phished? Use what you've learned to ace this interactive quiz.

Screenshot of a phishing quiz game, with the title Can you spot when you're being phished?

Take Action

Immediately report a suspected phishing attack to Davidson Technology & Innovation. T&I can prevent other people from being affected by a phishing attack if it’s reported as soon as possible.

Call 704-894-2900 or forward the email to ti@davidson.edu.

Additionally, when in doubt, pick up the phone. Don’t hesitate to call the company, department, or person that the email claims to be from if you are concerned an email isn’t legitimate. 


Week 3 Releases October 18
Each week in October we'll release another mini-training to help you become more #cyberaware.