Email Scams and Phishing – Tips to avoid being scammed or phished

Have you recently been alerted your account will expire?

Perhaps you’ve been alerted that someone has accessed your account without your permission and need to click on a link and verify your information. The NWHSU community receives messages like this daily.

Identity thieves use phishing emails to trick you into providing personal information that is often used for malicious purposes. They are usually easy to detect, but good phishers use more intricate techniques to confuse potential victims.

5 easy ways to identify a phishing email:

• Look at the email address not just the sender
  Sometimes an email will look like it is coming from IT, the Helpdesk, or even your bank. If you look closely at the email address next to the name of the sender, it often reveals an email address that is not even closely related. All NWHSU emails end in @nwhealth.edu. Legitimate organizations do not ask you to supply your personal information via email. If you are concerned about a suspicious email, contact the IT Helpdesk.
• Urgent action required
  Identity thieves and hackers use scare tactics to bait users into clicking links or providing their username and password. If you see an email that tries to get you to take action such as “your account will be deleted if you don’t respond” or “click here NOW to upgrade your account,” then you can bet it is a phishing email. If the tone of the email seems threatening, contact the IT Helpdesk directly to verify its authenticity.
• Typos and improper grammar
  Check for misspelled words and grammar mistakes. This is a quick and easy way to spot if it is a scam.
• NWHSU will NEVER asks for your personal information via email. Impersonal use of language like “Dear user” can also clue you in.
• What website does it lead to?
  If it asks you to click a link, pay attention to where it is trying to take you before you click. You can hover over links before you click on them. Does it lead you to the correct site? Is the website URL misspelled? Does it look like it is going to bring you to a different site completely? Phishers often setup fake websites with similar names, but if you take a moment to hover before you click it will help you identify the scam.

What do I do if I receive a phishing email?

The safest thing to do is delete the message immediately. Do not click any links from untrusted sources and do not provide your username or password. If you give away these credentials, reset your password immediately and contact the IT Helpdesk.

Other precautions:

• Don’t open attachments from unknown senders. Hackers and phishers often attach malicious files with viruses to their emails. Never open an attachment from an untrusted sender.
• Watch out for too many “FREE” offers – If it seems too good to be true, it probably is.
• Keep your email for NWHSU purposes only – When it comes to email for personal use, we recommend using an alternative account such as Gmail, Hotmail, etc. This helps decrease the spam and ads in your work email.
• When in doubt, always contact the IT helpdesk. We can help you determine if the email is malicious or help resolve the issue.