Date Sent: Mar 21, 2023
Phishing Summary:
An attacker is using an external email address, pretending to be a Michael D. Donaldson. The attacker is also attempting to be a member of an IT Help Desk. The attacker is trying to convince its recipients that their mailbox is full. There is a link within the body of the message titled, “SIGN IN HERE”. If you hover your mouse pointer over the link, you will see that it does not point anything associated with Gettysburg College.
Spotting the Phishing
When receiving any email, you should ask yourself, “Why is this person emailing me” and “Does this email seem legitimate”? Does the email contain phishing characteristics? In this particular phishing attempt, there were many known characteristics of a phish.
- Did this message come from outside Gettysburg College? Yes, the yellow banner lets users know that this message came from outside the organization.
- Does the email create a sense of urgency or contain threats? Yes, according to the phish your mailbox storage has reached 99%.
- Is a generic or no greeting used? Yes. No greeting is used.
- Is there a use of poor spelling and grammar? Yes. Spacing errors and grammar mistakes.
- Fake web links? Yes, the link does not point to Microsoft or Gettysburg. Red flags should automatically go up, when users see links, or other email addresses in any email, especially when the sender is unknown or random.
What should you do if you receive a Phishing Scam?
- Don't reply
- Don't click on any links
- Don't open any attachments
- Report as spam or immediately delete the email
What should you do if you accidentally clicked on any of the links?
- Immediately change your password, scan your device for viruses and contact the IT Helpdesk or by calling 717.337.7000