Protecting Yourself From Phishing

Phishing is one way that unsavory people on the internet can scam others. Phishing emails are generally crafted either to look like they come from people or organizations you know or to present themselves as legitimate organizations. These emails usually ask for information, which phishers can use to compromise your accounts, or for monetary contributions.

Key things to look for and tips to help

Phishing emails often use urgent language to make you feel that it is important to respond quickly. Keep an eye out for emails that proclaim that a response is urgent or time-sensitive and that use all caps and a lot of exclamation points, either in the subject line or the text.

The spelling and grammar can also be an indication that the email is a phishing scam. You may see a lot of spelling errors or poor grammar used. Phishing emails may ask you for personal information you generally would not be asked for via email by a legitimate company — such as usernames, passwords, phone numbers, your physical address, birthday, etc. They may also include links or attachments that the sender urges you to click on or open. 

Below are some recommendations for handling phishing emails provided by Rapid7, a leading-edge company and innovator in the cybersecurity defense space with an extensive solution portfolio. You can check out Rapid7’s “Protect Yourself From Phishing” document [pdf] (below) for more information on how to spot phishing emails.

“Protect Yourself From Phishing” infographic from Rapid7.
  • Don’t:
    • Click on a link, button, or icon in a suspicious email. It might take you to a website that appears to be legitimate but is malicious.
    • Open an attachment unless you really know what it is. It may contain malware.
    • “Confirm” or “Verify” passwords, account numbers, social security numbers, birth dates, or any other confidential information.
  • Do:
    • Ignore links in suspicious emails. Instead, open your browser, search for the organization (supposedly) sending the email and go directly to their website, log in, and see if the information in the email is correct.
    • Immediately report emails if they have even one of the clues listed above, or they just don’t feel “right.”
      • You can report suspicious emails sent to your Swarthmore account by forwarding them to phishing@swarthmore.edu. The sooner we know about them, the sooner we can protect the campus community.

Faculty and staff can log in to our cybersecurity eLearning platform at swarthmore.edu/safeonline to learn more about phishing and to watch other videos on how to better protect your data and devices, especially when working remotely.

Part-time job phishing scams aimed at students

One particular phishing scam aimed at students comes in the form of part-time job emails. These emails share several common themes:

  • Part-time work
  • Work often involves tasks that appear to contribute to the greater good (e.g., the pandemic, students with physical and/or mental challenges, UNICEF, etc.)
  • Requests for information such as a personal (alternative, non-Swarthmore) email address and cell phone number
  • Promises of a relatively high wage per week
  • Spelling and grammatical errors

For more examples of what to expect from these types of phishing emails, check out these samples of part-time employment scam emails [gdoc].

Follow the general recommendations for phishing emails described above, and remember that any suspicious or questionable emails you receive at your Swarthmore account can be reported by forwarding them to phishing@swarthmore.edu.