Cybersecurity: Protect Yourself and Salem State from Email Phishing Scams
Phishing is the fraudulent practice of sending emails claiming to be from reputable sources in order to persuade individuals to click on harmful links or reveal personal information.
Salem State University (SSU) has been the target of phishing scams – emails that appear to be from SSU senior faculty, staff, colleagues, students, the Commonwealth of Massachusetts, or affiliates, asking for your password, confidential information, gift cards, or simply to reply.
SSU added an “External” alert to all emails received from outside sources to heighten your awareness of these fraudulent emails and better ensure your protection.
Here are some steps you can take:
Change your password
- If you suspect your email account may have been compromised, change your password immediately and submit a ticket to the ITS Help Desk.
Do not reply, forward, or click on links
- Do not reply, forward, or click on any links in a suspicious email. Phishing emails may come from Yahoo, Gmail, etc., alleging to be from faculty or staff, including the university president and deans.
Report suspicious emails
- Whether you are on a mobile device or on your desktop computer using the Outlook desktop client or Outlook on the Web, you can use the Outlook Report Phishing feature to report an email you suspect is fraudulent. Using the report phishing feature will send a report to Microsoft and SSU Information Security.
- You can also send an email to the ITS Help Desk.
Hover to discover
- The hover technique can help you preview the email address before you reply; or the destination of a link before you click.
- In an email, hover your cursor over the person or company name to see the full email address. If using a mobile device, you can tap the person or company name to see the full email address.
- In a web browser, hover your cursor over a link WITHOUT clicking. After a second or two of hovering, the link's destination (URL address) will appear. When you use this technique in a web browser, the address appears in the lower-left corner of the browser. If using a mobile device, lightly press and hold the link; in a second or two, you'll see a pop-up display that provides options and identifies the link at the top.
Verify the email sender's identity
- Use an alternate (non-email) means to identify the sender, such as a phone call, particularly when providing confidential information.