How to Spot a Phishing Scam

Learn more about phishing scams and how you can protect yourself and Merrimack College. 

Phishing Attacks

Phishing attacks are emails disguised as being from a legitimate source that attempt to get the receiver to reveal sensitive information. Phishing attacks are common at all businesses and colleges and universities are no different.

Phishing attacks are on the rise. According to the FBI in 2020 241,342 phishing attacks were reported. That is a major jump from the 2019 numbers (114,702) and the 2018 numbers (26,379). Merrimack College has invested in several tools to protect us from phishing attacks but no method is perfect. If you receive a suspicious email - do not open it or click on any links. Report the suspicious email to askIt@merrimack.edu.

Spoofing

Spoofing is a type of email impersonation to trick the receiver into completing an action. The display name that shows in your email account is easy to change. Bad actors can change their display name to be from a person or company you know and trust (like your bank). The easiest way to check for spoofing is to hover your mouse over the sender’s display name. The email address the message was sent from will pop up and you can determine if it is from a trusted source.

Key Things To Check:
  • The email address and not just the display name of a sender should be checked.
  • The email itself may have misspellings or be in an urgent tone.
  • You may be asked for personal information.

Phishing can be successful if just one person in the organization clicks a link, downloads a malicious attachment or completes the task from the phished email. We have to be vigilant as a community to keep ourselves safe from phishing attacks.

Recognizing Phishing Attempts

  • Unsolicited
  • Too good to be true
  • Asking for personal or financial information
  • Malicious web links
  • Email addresses that are similar to legitimate emails. The address might have letters transposed.
  • Fake sender’s address
  • Request urgency