Phishing Alert: Attention: Missing Timesheets

Date Sent: Sep 10, 2021

Phishing Summary:

This phishing email is seeking to trick the recipients into clicking 4 fake URL links, hoping you will then enter personal information at the links destination. The phish claims that the recipient’s timesheet was not received in the CNAV system and is asking for immediate action to be taken. The phish is attempting to appear to come from an internal Gettysburg College system by adding screenshots from the College’s website. The phish is also using a sender’s name that seems convincing and using an enticing reason to click through.

Spotting the Phishing

The best way to spot that this message is a scam is by looking at the senders address and also the URL address that the links would be directing the recipient to. The email address from an internal send would look like @gettysburg.edu, not @gettysburg-college.com. If you were to hover your mouse over “Enter Your Timesheets”, “Contact IT Support”, “Unsubscribe” and click “here”, you would see that links are directing you somewhere not associated with Gettysburg College. Users should also take note of the yellow caution disclaimer under the subject line, indicating this did not come from within Gettysburg College.

What should you do if you receive a Phishing Scam?

  • Don't reply
  • Don't click on any links
  • Don't open any attachments
  • Report as spam or immediately delete the email

What should you do if you accidentally clicked on any of the links?

  • Immediately change your password, scan your device for viruses and contact the IT Helpdesk or by calling 717.337.7000