Date Sent: Nov 18, 2022
Phishing Summary:
A Gettysburg College employee had their e-mail account taken over by an attacker. Once the attacker gained control of the account, the attacker began sending out the following phish (pictured below). The goal of this phish was to bait other users, have them click the link found inside of the email, and then give up their College credentials. This phish is attempting to appear legitimate by suggesting that the email services are transitioning from MS Outlook to GMAIL, this is not true.
Spotting the Phishing
When receiving any email, you should ask yourself, “Why is this person emailing me” and “Does this email seem legitimate”? One of the first things that you should look at, is the greeting. Does it use your actual name, or does it use a generic greeting? After this, you should look at the senders’ address. In this instance, it came from a Gettysburg College employee, but does this user work in IT? The answer is “NO”. Taking the time to do a little research, can go a long way in protecting your digital presence. Does IT ever ask for personal information in an email link? The answer is “NO”. Red flags should automatically go up, when users see links in any email, especially when the sender is unknown or random.
What should you do if you receive a Phishing Scam?
- Don't reply
- Don't click on any links
- Don't open any attachments
- Report as spam or immediately delete the email
What should you do if you accidentally clicked on any of the links?
- Immediately change your password, scan your device for viruses and contact the IT Helpdesk or by calling 717.337.7000