Phishing scams continue to be a top reason for incidents and breaches in the educational services sector. Learn about tactics that cybercriminals often use.

Tactics often found in phishing scams range from a fake and malicious web link to a directive that appears to come from a university leader or department. When receiving an unusual or unexpected message, look for the following tactics and red flags.

Play on emotions

Phishing messages are often written to generate emotions that will motivate you to take immediately action; fraudsters don’t want you to take time to consider the message’s legitimacy. The most common emotions include a sense of fear or urgency, or an award of good fortune—something that is too good to be true.

Fake, malicious links and attachments

Cybercriminals can use links and attachments to deliver malware—malicious software—to your computer and possibly gain access to CU networks and sensitive work information. Such access may also allow them to lock your computer for ransom until a payment is received.

Malicious links can be disguised to look like trusted links and take you to fake or infected websites. Attachments can appear to come from a known source, but whose account has been compromised.

Fraudulent data entry

You’re prompted to fill in sensitive information like user names, passwords, and financial information.

Impersonation of individuals or companies

By impersonating an individual or company or both, cybercriminals can send phish that looks legitimate. They use compromised email accounts and addresses to send the phish. To appear more authentic, business logos are often copied from the Internet and added to the message.

Be aware: cybercriminals may send email that appears to come from a CU address. The intention of the email is to get you to click links or open attachments.

Resources for more information