Date Sent: Jan 19, 2023
Phishing Summary:
A Gettysburg College employee had their e-mail account taken over by an attacker. Once the attacker gained control of the account, the attacker began sending out the following phish (pictured below). The attackers’ goal of this phish, was to bait other users to send their personal email information to gmail address provided within the body of the email message. The phish is attempting to appear legitimate, by enticing users with financial gain. In this case, the incentive to send information comes with the possibility of receiving money for taking surveys and going to ATM’s for BITCOIN.
Spotting the Phishing
When receiving any email, you should ask yourself, “Why is this person emailing me” and “Does this email seem legitimate”? Does the email contain phishing characteristics? One of the first things that you should look at, is the greeting. Does it use your actual name, or does it have a generic greeting? In this case there is no greeting at all. Are there spelling errors? Is there financial incentive? Red flags should automatically go up, when users see links, or other email addresses in any email, especially when the sender is unknown or random.
What should you do if you receive a Phishing Scam?
- Don't reply
- Don't click on any links
- Don't open any attachments
- Report as spam or immediately delete the email
What should you do if you accidentally clicked on any of the links?
- Immediately change your password, scan your device for viruses and contact the IT Helpdesk or by calling 717.337.7000