Phishing - FAQ

What is phishing?

• Phishing is an email, text message or phone call that tries to obtain your personal information to steal your identify or to hijack your Elon email account. It's called phishing because scammers email large groups of random people and hope someone bites. Watch the video below for an introduction to phishing scams.
• Watch: Phishing Scams in Plain English

What are the effects of phishing?

Phishing's effect on you

• If you respond to phishing scams, your identity could be stolen. Responding to phishing scams with your social security number (SSN), bank account information or usernames and passwords could lead to identify theft. Identify theft is when someone pretends to be you (with your SSN) and opens credit cards, bank accounts and spends money in your name, leaving you with the bill. The damage from an identity theft often takes years to undo.
• Phishing scams can also install viruses and spyware on your computer. These malicious programs can steal your personal information (also leading to identity theft) and slow down your computer.

Phishing's effect on Elon

• When you reply to an email that asks for your Elon username and password, the scammer can hijack your Elon email account and send out hundreds of thousands of SPAM emails using your name. This huge number of emails can flood Elon’s email system and potentially shut down email for the entire campus. In addition, all that SPAM can force other email providers, like Yahoo, RoadRunner and Google to treat all email from Elon, legitimate or otherwise, as SPAM. This makes it very difficult to send email to people outside of campus for several days.

To review, giving your username and password to someone, can:

• Lead to your identity being stolen
• Shut down the Elon email system for the campus
• Block emails from Elon faculty and staff to our students, and other off-campus alumni, colleagues, family and friends.

How can I spot a phishing scam?

• Phishing emails often pretend to be from an organization you trust, like Elon University, your bank, an airline, the IRS and others. Or they pretend to be from a stranger informing you of an unusually lucrative opportunity, like the Nigerian prince who wants to give you money. Both are fake and are an attempt to take your personal information like your password, social security number, account information, etc.
• A phishing email will ask you to perform an action in order to get your personal information. That action can either be to reply to an email, click on a link to a web page or complete an online form. The good news is, a phishing scam will only work if you let it. If you perform the action the scam asks, they will have your personal information. However, if you know what to look for and spot the scam, their phishing attempt will fail. Phishing emails have become more sophisticated but they have common warning signs that should make you suspicious.

Questions to ask if you receive an email that seems phishy

Does the email include your name?

• If not, it is likely a scam. Most legitimate web sites that contact you will know your name. Phishing emails will include salutations like: Dear Valued Customer, Dear Beloved Friend or not include a salutation at all. Scammers are becoming better and could include your name in a phishing email. It's important to remember that if it does include your name, it doesn't mean it is legitimate.

Are they asking for your username and password?

• If so, it is a scam. No legitimate organization, including Elon University, will ask for you to email your username and password in an email. Ever.

Are there misspellings or grammar errors?

• If so, it is likely a scam. Emails from legitimate organizations rarely include these types of errors.

Do you recognize the sender's email address?

• If they say it is from Elon, the email address should be @elon.edu, and not eloncollege.com, elonuniversity.net, etc. However, even if the email is from a legitimate email address, it could still be a phishing scam.

Is there a threat?

• If so, it is likely a scam. To motivate people to act, phishing emails typically include some type of threat.

Are there hyperlinks to unusual webpages?

• If so, it is likely a scam. Hover-over (do NOT click) the link to inspect where the link will take you. If the web address doesn't look like it's from the organization it claims it's from, the email is likely a scam. For example, if the email is from American Express but you hover over the link and see it goes to a page that doesn't include American Express, it is likely a phishing email.

How do you know if a website is legitimate or a scam?

• Look at the address bar at the top of the screen, if the web address looks familiar it likely is legitimate. For example, if a link from an email stating it is from American Express takes you to a website www.americanexpress.com, it is likely legitimate. If the link takes you to a website http://emarretas.com/s17zGJ/index.html, then it is likely a scam and you should leave that website immediately. The best advice is to never click on a link in an email that is suspicious. Instead, open a web browser (like Internet Explorer or Firefox) and find the company's web site by searching Google.

What should I do if I receive an email I suspect maybe phishy?

• Stop and do not reply to the email, click on any links in the email or download any attachments.
• If you know it is a spoofed or phishing email - just delete it.
• If you are not sure if is a legimate or malicious email, Forward the email as an attachment to the Technology Service Desk at infosec@elon.edu so they can verify if it is a scam and let others know about it. See how to forward emails as attachments.

What should I do if I respond to a phishing email?

• Contact the Technology Service Desk immediately. If the scam is caught early enough, IT can prevent much of the damage caused by spam emails. Contact them as soon as possible by emailing infosec@elon.edu or calling 336-278-5200. They will follow up with an update on the situation.

How can I protect myself from a phishing scam?

• Never respond to emails that ask you for any username or password.

• Never share your Elon username and password with anyone - not even your spouse or children. They may be responding to phishing scams and could be putting your personal information and Elon at risk.

• Never respond to emails that ask you to verify, update, or validate information the organization should already have.

• Before you share any personal information, confirm that you are dealing with a legitimate organization.

• Don't reply, click on links, or call phone numbers provided in the emails. Even if it is a link to unsubscribe, do not click it. Doing so will likely increase the amount of phishing emails you receive because now the scammer knows there is a person reading the emails.

• If you are ever unsure whether an email is legitimate, DO NOT RESPOND to it. Instead, contact the Technology Service Desk at 336-278-5200 and ask for advice.