Information Security
  /  
Security Incidents
Phishing E-mail Attempts

The University uses the Email Defense System to scan and filter phishing attempts, junk email, viruses, and malicious high-risk attachments.

Despite best security efforts, phishing attacks can still occur. The consequences of responding to phishing emails can be devastating to everyone.

As a general practice, do not click on any links, open any attachments, or respond to emails you suspect are a ruse to divulge your personal information or purchase goods and services.

Jump to a Section

What do cyber criminals want?

They are:

  • seeking your NetID credentials or Social Security Number
  • requesting you to pay money or use cryptocurrency for a good, service, or opportunity
  • wanting you to purchase equipment or gift cards on their behalf
  • soliciting your personal bank or credit information

How are they getting it?

The most successful tactic cyber criminals use to prey on victims is to impersonate respected members of the McCormick community with:

  • overly simplistic offers of employment
  • links to nefarious Google documents
  • personalized requests asking for “quick tasks” to be completed

What is "spoofing"?

Display name spoofing is a phishing technique attackers use to impersonate a trusted sender like a Dean, Chairperson, or co-worker.

The attacker does not need direct access to the trusted sender's account. The attacker creates a free e-mail account using the trusted sender's first and last name, which is typically publicly available on department websites.

Northwestern has seen a sharp increase in these types of impersonations, including a more sophisticated name display (for example: FirstName LastName <name.northwestern.edu@gmail.com>) and e-mail signatures referencing the trusted sender's job title, awards, and education.

The attack typically begins with a subject line that is either blank or says "Request" and a short message to the recipient, such as "Are you available?". If the recipient responds, the attacker builds momentum in the e-mail correspondence indicating that he / she is unreachable by phone and requests the recipient to purchase gift cards on his / her behalf.

What are signs of a fraudulent email?

Common signs of a phishing campaign are:

  • messages from a free email address (e.g., Gmail or Hotmail)
  • the sender’s email address does not match the sender’s display name (e.g., Julio Ottino < officeonline6170@gmail.com>)
  • the sender’s name does not match the email signature (e.g. the email is from “Joe King” but signed in the body of the message by Julio Ottino)
  • requests to move the conversation to a personal email account or messaging service such as WhatsApp
  • items shared via Google Drive but the sharee’s name and email address do not match (e.g. Julio Ottino rjmenton@wsfcs.k12.nc.us has shared the following item)
  • requests to enter personal information into a bogus website

Check out the How to Identify a Fraudulent Email Scam video on the NUIT Communications YouTube Channel for more information on how to spot phishing email scams. And review the Information Security section on the McCormick website for more information on Protecting Your Information and Identity.

NOTE: Northwestern will never ask for personally identifiable information, such as passwords, Social Security numbers, or account numbers. Official @northwestern.edu email accounts should be used to conduct University business; not unauthorized Gmail accounts.

Who is most at risk for falling victim to a scam?

Spoofing techniques, in particular, are especially effective against victims using a mobile device as mobile e-mail clients display less information about the sender than desktop clients. If an email looks suspicious, tap on the "From" name to display the sender's email address and make a judgement call.

How can we protect ourselves?

Northwestern's role

As noted above, to prevent email scams from reaching the University’s central email server, Northwestern’s Email Defense System (EDS), powered by Proofpoint, blocks the majority of malicious messages from being distributed to the University community or quarantines them from your inbox. However, malicious and junk emails occasionally slip through this security net; and sometimes a legitimate message is caught in the filter.

Your role

  • Be cautious of unsolicited or suspicious emails with generic language or misspellings
  • Do not click on links directly from emails
  • Delete known or reporting phishing attempts from your inbox and deleted mail
  • Do not provide or enter personal information into unsecure, unknown or suspicious web forms
  • Use an antivirus software and ensure all others software is up to date
  • Manage your EDS message filtering to add or remove senders from the Safe and Blocked lists
  • Check your Outlook’s junk mail folder often for potential false positives

How do I report a suspicious email?

If you have received a suspicious email or believe you are experiencing employment fraud:

  • Immediately suspend all communication with the other party
  • Report the suspected fraud to McCormick IT (security@mccormick.northwestern.edu); include the email headers so that the message can be blocked and then delete the email from your inbox and deleted messages
  • If you entered or provided your NetID credentials, reset your NetID password as soon as possible and contact McCormick IT for a consultation on how to health check your device
  • If you sent money to the impersonator, immediately contact your bank or credit card company to close your account and dispute any charges; next, call Northwestern University Police (847-491-3456) or your local police department’s non-emergency number to report the incident
  • File a cybercrime incident report with the FTC if the exchange happened via email or over the Internet
  • Continue to monitor your bank accounts and credit report if personal information was disclosed