Take Action Scams: Exploiting Urgency
Phishing Scams: Can You Spot Them Like Scrappy?
Scrappy is on the case! Join him as he cracks the code of phishing scams. We'll uncover sneaky tricks scammers use in their emails, so you can become a whiz at identifying them and protecting yourself from online fraud.
Get ready to . . .
- Read real-world examples: Scrappy will show you suspicious emails and challenge you to spot the red flags.
- Think like a detective: Use your critical thinking skills to identify clues that something's fishy.
- Become a reporting hero! You will learn when to report an email and keep everyone safe online.
Be like Scrappy: Always report suspicious emails! Remember: Spot. Stop. Report.
Example 1
From:
NetID@students.kennesaw.edu
To:
scrappy@kennesaw.edu
Subject:
IT DESK
Message:
This is a special notice that your Office 365 Edu email and password will expire in
24 hours Our Record indicate that you recently need to Authenticate your Office 365
Login And this process has
OFFICE365 Begun by our Administrator. you are advised to Fill out your correct information
If you do not verify your mailbox, we will be forced to block your account
Spot. Stop. Report.
-
How many flags can you spot? (Scrappy counted 4.)
- The email is from a student account, but the subject line and content pretend that the email is from the IT Desk. KSU's technology help is called "KSU Service Desk" and the email address would appear as "IT Service Desk."
- Grammar and spelling mistakes: Many cybercriminals don't pay attention to proper spelling and capitalization.
- Threatening message: You are led to believe that you will be denied access to your account if you don't fulfill their request.
- A request to share sensitive information. If you were to click on the link (which, of course you won't), you would be prompted to share sensitive information that hackers could use to steal from you or to impersonate you.
-
What should you do if you received a similar email?
- Spot: Take note of the signs described above.
- Stop: Stay calm. People fall victim to these kinds of scams because they fear that they will loose access to their account. Do not respond to the email. If you are in doubt, reach out through an official channel and ask the person claiming to have a quick request if they indeed contacted you.
- Report: Use the Phish Alert button to report the email to UITS. (If it is legitimate, you will be notified that you can safely proceed with any requests.)
Example 2
From:
Kennesaw.edu Help-Desk noreply@<NAME.COM
To:
scrappy@kennesaw.edu
Subject:
[EXTERNAL] NetID Request received: Service Ticket ID:9104
Message:
Hi Scrappy,
Your password for scrappy@kennesaw.edu is set to expire on 8 of July 2024 EST.
Keep same password with the button below.
Keep My Password [Click BUTTON]
*Do not ignore this email to avoid login interruption.*
Thanks,
The kennesaw.edu Team
Spot. Stop. Report.
-
How many flags can you spot? (Scrappy counted 4.)
- External sender warning in the subject line.
- The subject line includes a ticket number, but Scrappy didn't put in a service request.
- You are urged to act now in order to avoid login interruptions.
- The signature is strange and incorrect. The KSU Service Desk has a nice signature with contact information.
-
What should you do if you received a similar email?
- Spot: Take note of the discrepancies.
- Stop: Do not click the link or respond to the email.
- Report: Use the Phish Alert button to report the email to UITS. (If it is legitimate, you will be notified that you can safely proceed with any requests.)
If you have any doubts about the legitimacy of an email, report it to University Information Technology Services (UITS)! Forward it to abuse@kennesaw.edu, or click the "Phish Alert Report" button in Outlook.
