Data Privacy and Security, October 2020

Gone Phishing

This article has been updated. Please click here for more up-to-date information.

Email has always been a critical communication tool, but even more so now that Clarkies are learning and working in many different modalities. As a result, it’s even more important now for all of us to be vigilant and able to spot Phishing emails that attempt to compromise our personal, and community information.

Phishing is one of the most common ways that attackers try to access our data and commit fraud. Phishers pose, usually via email, as a someone you know and lure you into revealing sensitive personal information, downloading malicious software or sending money or gift-cards.

How can you tell a Phishing Email?

Phishers are becoming more and more sophisticated and the days of requesting bank transfers to help deposed princes are long gone. However, there are some signs to help you spot a phishing attempt, and in combination with the security and tools that ITS has put in place, we can reduce the risk to Clark’s information.

One way you can prevent mistaking a phishing attempt for a legitimate request is to pause before responding and re-read the email. We know in these busy times, when we receive so many emails every week, that being quick and efficient is necessary. However, phishers rely on the element of urgency. Taking just an extra moment to review emails before responding can make a big difference.

So, what should you look for? Phishing emails often have the following characteristics:

  • They will often appear to come from a Clark email address, but instead will be ‘spoofed’. Spoofed email addresses look similar but are actually different – similar to presidentsoffice.clarku.edu@gmail.com.
    • For Staff and Faculty: Look for the [EXT] label in the subject which indicates an email was sent from outside Clark. If you see an email that looks like it came from a member of the Clark community, but has the [EXT] label, be cautious.
  • Make requests for personal information (usernames, passwords, account numbers)
  • Alarming and urgent statements instructing you to act immediately
  • Slight alterations of well-known organization names (e.g. IT department, instead of ITS)
  • Awkward writing style, misspelled words, or poor grammar are common, but phishers are becoming more sophisticated and polished in their writing.

What should you do if you suspect an email?

  • If you receive an email from a colleague or senior member of your department asking you to act urgently, contact that person by other means for confirmation – a phone call, Teams chat, walk down the hall (when possible).
  • NEVER share your Clark username and password, with anyone. Nobody at Clark, including members of ITS, will ever ask you directly for your password.
  • If you identify a suspected phishing attempt, use our Phish Alert Report button to alert ITS

Outlook on Windows or Mac

    • Click on the Phish Alert Report button in the top right of the email window.

Desktop & Phish Alert

Outlook Online

    • Click on the More Actions (three dots) button in the top right
    • Click on the Phish Alert V2 option

Outlook App on iOS or Android

    • Click on the More Actions (three dots) button in the email
    • Click on the Phish Alert button
      • Note that on Android you may need to scroll down to see this option as it’s below Delete

Android App & Phish Alert

If You Get Phished

If you believe that you have been the victim of a phishing scam, change your password immediately by logging into ClarkYOU and using the “Password Change Utility” located at the bottom of the left sidebar. Also, contact the Help Desk at helpdesk@clarku.edu or (508) 793-7745.