Phishing E-mail Attempts

The University uses the Email Defense System to scan and filter phishing attempts, junk email, viruses, and malicious high-risk attachments.

Despite best security efforts, phishing attacks can still occur. The consequences of responding to phishing emails can be devastating to the individual providing the personally identifiable information and to the University as a whole.

Do not click on any links, open any attachments, or respond to emails you suspect are a phishing attempt.

Identifying a Phishing Attempt

Check out the How to Identify a Fraudulent Email Scam video on the NUIT Communications YouTube Channel for more information on how to spot phishing email scams. Also review the Information Security section on the McCormick website for more information on Protecting Your Information and Identity.

Northwestern will never ask for personally identifiable information, such as passwords, Social Security numbers, or account numbers. Official @northwestern.edu email accounts, not unauthorized Gmail accounts, should be used to conduct University business.

Display Name Spoofing

Display name spoofing is a phishing technique attackers use to impersonate a trusted sender like a Dean, Chairperson, or co-worker.

The attacker does not need direct access to the trusted sender's account. The attacker creates a free e-mail account using the trusted sender's first and last name, which is typically publicly available on department websites.

Northwestern has seen a sharp increase in these types of impersonations, including a more sophisticated name display (for example: FirstName LastName <name.northwestern.edu@gmail.com>) and e-mail signatures referencing the trusted sender's job title, awards, and education.

The attack typically begins with a subject line that is either blank or says "Request" and a short message to the recipient, such as "Are you available?". If the recipient responds, the attacker builds momentum in the e-mail correspondence, claims to be unreachable by phone, and asks the recipient to purchase gift cards on the attacker's behalf.

This technique is especially effective against victims using a mobile device, because mobile e-mail clients display less information about the sender than desktop clients. If an email looks suspicious, tap on the "From" name to display the sender's email address.
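
The signs described in this section can also be checked automatically against a message's From header and subject. The following is an added example, not University or Email Defense System code; the names in PROTECTED_NAMES, the finding labels, and the sample headers are constructed for illustration.

```python
from email.utils import parseaddr

ORG_DOMAIN = "northwestern.edu"
# Constructed directory of people whose names are worth protecting (hypothetical).
PROTECTED_NAMES = ["Pat Example", "Jordan Sample"]
# The page describes lures with a blank subject or the subject "Request".
LURE_SUBJECTS = {"", "request"}


def name_key(name):
    """Order-insensitive key so 'Example, Pat' matches 'Pat Example'."""
    return tuple(sorted(name.lower().replace(",", " ").split()))


PROTECTED_KEYS = {name_key(n) for n in PROTECTED_NAMES}


def check_sender(from_header, subject=""):
    """Return a list of findings for one message; empty means nothing flagged."""
    display, addr = parseaddr(from_header)
    local, _, domain = addr.lower().rpartition("@")
    if domain == ORG_DOMAIN or domain.endswith("." + ORG_DOMAIN):
        return []  # address is in the University domain; this check covers outside accounts only
    findings = []
    if name_key(display) in PROTECTED_KEYS:
        # A trusted person's name shown on an address outside the University.
        findings.append("display-name-on-external-address")
    if ORG_DOMAIN in local:
        # University domain placed before the "@" to make the address look official.
        findings.append("org-domain-in-local-part")
    if findings and subject.strip().lower() in LURE_SUBJECTS:
        # Subject matches the lure pattern; counted only alongside another finding.
        findings.append("lure-subject")
    return findings


if __name__ == "__main__":
    # Constructed sample messages: (From header, Subject).
    samples = [
        ("Pat Example <pat.example.northwestern.edu@gmail.com>", "Request"),
        ('"Example, Pat" <pexample1234@gmail.com>', ""),
        ("Pat Example <pat.example@northwestern.edu>", "Request"),
        ("Newsletter <news@example.org>", "Request"),
    ]
    for header, subject in samples:
        print(f"{header!r:60} {check_sender(header, subject)}")
```

A match is a reason to look at the full sender address and headers, not proof of an attack; a colleague writing from a personal account produces the same first finding.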

Reporting a Phishing Attempt

If you think you’ve received a malicious email, check to see if the phishing attempt has already been reported. Then, forward the suspect email along with the email headers to your McCormick local IT support or security@mccormick.northwestern.edu so that the message can be blocked if it is identified as an attack. Finally, delete the email from your mailbox.

If you have responded to a suspected scam e-mail, you should reset your NetID password as soon as possible and contact your McCormick local IT support.