Phishing is a type of cyberattack where scammers disguise themselves as a trustworthy entity to steal your sensitive information, such as passwords, credit card numbers, or social security details.
While these attacks are becoming increasingly sophisticated, most follow a predictable pattern. Use this guide to spot the red flags and protect your digital identity.
This article will address:
- Types of Attacks
- Common Red Flags
- Valued Targets within Higher Education
- Identification Techniques
- Response Protocol / What to Do if You Click
- Recognize and Report Phishing
Scammers tailor their approach depending on their target:
- Spear Phishing: Highly personalized attacks targeting a specific individual or organization.
- Spam: Unwanted, bulk, often commercial emails (like junk mail).
- Whaling: A spear phishing attack specifically aimed at high-level executives (the "big fish").
- Smishing: Phishing via SMS (text messages). Often includes a link to "track a package" or "verify a bank login."
- Vishing: Voice phishing where scammers call you, often using "spoofed" numbers to look like a local bank or government agency.
- Quishing: Involves directing users to malicious sites via QR codes, commonly found in emails or physical locations.
Phishing attempts often rely on social engineering to bypass technical security measures. Keep an eye out for these five indicators:
- Sense of Urgency: The message claims your account will be deleted, or that a "suspicious payment" was made, pressuring you into acting without thinking.
- Generic Greetings: Instead of your name, the email uses "Dear Valued Customer" or "Dear Member."
- Suspicious Sender Address: The "From" name might look official (e.g., "PayPal Support"), but the actual email address is a string of random characters or a misspelled domain (e.g., ITsupport@mountcollege.com).
- Unexpected Attachments: Professional companies rarely send invoices or documents as .zip or .exe files out of the blue.
Unlike generic retail scams, academic phishing is often highly contextual. Watch out for these common campus-themed lures:
- The "Unpaid Tuition" Scare: Urgent notifications claiming your enrollment will be dropped or your transcript withheld due to an outstanding balance.
- The Research Opportunity/Job Offer: Too-good-to-be-true offers for remote research assistant positions that ask for your personal phone number or bank information upfront.
- The Payroll/Direct Deposit Update: Emails targeting faculty and staff, often appearing to come from HR or "Workday Support," requesting a login to "verify" banking details.
- The IT Quota Notification: Warnings that your ".edu" email storage is full or your password is set to expire, requiring a login via a spoofed university portal.
- Music Equipment or Tools: Emails that advertise items such as tools, office equipment, or musical instruments to lure users into purchasing items that do not exist.
Scammers often use "spoofing" to make an email look like it originated from your Instructor, Dean, or Department Head. Use these techniques to analyze attempts:
- Check the "Mail-From/Sender" vs. "Display Name": A scammer can change their display name to "President Jane Doe," but if you click on the name, the actual email address might be something else entirely (e.g., office-of-president@gmail-com.ru).
- Inspect the URL Structure: Phishing sites often use subdomains to mimic official university portals. Always look for the Primary Domain.
- Example:
  - Official URL: Support.mountmarty.edu
  - Phishing URL: lancer.support.portal.com
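The two checks above (real sender address vs. display name, and primary domain vs. subdomain) can be expressed as a short script. This is an added example, not part of the original article or a Mount Marty tool; it assumes `mountmarty.edu` is the official primary domain, as in the example URL above, and the function names are hypothetical.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: the primary domain is taken from the page's "official URL" example.
OFFICIAL_DOMAIN = "mountmarty.edu"

def in_official_domain(host, domain=OFFICIAL_DOMAIN):
    """True only for the domain itself or a real subdomain of it.

    Domain names are read right to left, so the match must be on the END of
    the host name; an official-looking word on the left proves nothing.
    """
    host = host.strip().lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def url_host(url):
    """Return the host a browser would connect to, with or without a scheme."""
    if "://" not in url:
        url = "//" + url          # lets urlsplit treat the text as a host
    return urlsplit(url).hostname or ""

def sender_domain(from_header):
    """Drop the display name and return the domain of the real address."""
    _display_name, address = parseaddr(from_header)
    return address.rpartition("@")[2].lower()

def triage(from_header, urls):
    """List the reasons a message deserves a closer look (empty = none found)."""
    findings = []
    domain = sender_domain(from_header)
    if not in_official_domain(domain):
        findings.append(f"sender address is at {domain or 'an unknown domain'}")
    for url in urls:
        host = url_host(url)
        if not in_official_domain(host):
            findings.append(f"link goes to {host or 'an unparseable host'}")
    return findings

if __name__ == "__main__":
    # Constructed sample message built from the addresses and URLs on this page.
    sample_from = '"President Jane Doe" <office-of-president@gmail-com.ru>'
    sample_urls = ["Support.mountmarty.edu", "https://lancer.support.portal.com/login"]
    for finding in triage(sample_from, sample_urls):
        print("CHECK:", finding)
```

An empty result only means the names match the official domain; a message sent from a compromised university account would still pass, so the other red flags in this guide still apply.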
If you suspect your institutional account has been compromised, or realize you entered information into a suspicious site:
- Reset your Credentials: Change your university password via the official portal immediately. If you use that same password for personal accounts (e.g., Gmail, Banking), change those as well.
- Report the Incident to the Mount Marty IT Helpdesk:
- Audit Your Redirects: Check your email settings to ensure the attacker hasn't set up "Forwarding Rules" to steal your incoming mail.
- Immediate Disconnect: If you downloaded a file, disconnect your device from the university Wi-Fi/Ethernet.
Video published by CISA (Cybersecurity and Infrastructure Security Agency)