Date Sent: Mar 11, 2022
Phishing Summary:
A Gettysburg College employee account got owned/compromised by an attacker. The attacker then used the account to impersonate the employee to phish the college campus. The attacker advertises a part-time, work from home job with weekly pay of $500 and advises the recipients to contact a bogus UNICEF employee with additional email information. Attached to the email is a Microsoft Word document appearing to contain employment details but asks recipients to send personal information to the attacker at a legitimate looking email address. The goal of such scams is to trick you into sending money and other personal information to the scammer.
Spotting the Phishing
Ask yourself, why would this person be emailing me directly, even though nowhere in the message is it directed to me personally. Has this person ever reached out to me before? What does this employee do at the college? Could I call them directly to see if this is legitimate? You should check the sender’s email address for anything suspicious such as it being from an individual instead of the organization named within the email. If it’s an organization you’re familiar with, type their URL into your web browser or directly go to the UNICEF site to see if this is legitimate.
What should you do if you receive a Phishing Scam?
- Don't reply
- Don't click on any links
- Don't open any attachments
- Report as spam or immediately delete the email
What should you do if you accidentally clicked on any of the links?
- Immediately change your password, scan your device for viruses and contact the IT Helpdesk or by calling 717.337.7000