Phishing: Don’t take the bait

At Elon, we’re seeing a rise in phishing emails that try to take advantage of our busiest moments and our willingness to help one another. These scams are designed to trick recipients into revealing personal information—like passwords, MFA codes, or financial details—and can lead to payroll theft, data breaches, and financial aid fraud. Staying alert protects not only your information, but the people and systems we all rely on every day.

Spear phishing, like regular phishing, is an attempt to gain private information through deception, but are generally aimed at a specific target, whereas as regular phishing casts a wider net among a larger group of people. E-mail spoofing involves sending an email that pretends to be from a well-known company, a close family member or a respected individual from your organization. Spoofing can also be carried out in person, over the phone or via malicious pop-up windows or “spoofed” (fake) websites.

How to Spot a Phishing Email

Scammers can create convincing copies of Elon University pages, Google Forms, and SharePoint portals to steal credentials, often during high-pressure periods during the academic year. Phishing emails often use urgent or threatening language like “Your account will be suspended” or “Immediate action required.” They may also contain suspicious links or attachments and will likely have a generic greeting like “Dear user”, or “Dear Account Holder” instead of your name. Lastly phishing emails want your credentials so they send emails like “Account Verification Required” or “Your Account Will Be Suspended”.

Common red flags are messages that:

  • Don’t address you by name
  • Create a sense of urgency
  • Asks for sensitive, personal information
  • Invoke fear, greed or other strong emotions
  • Contain unexpected attachments
  • Contains QR Codes
  • Contain links that lead to unfamiliar websites or don’t match legitimate resources for the organization

Your Call to Action

You can be proactive in avoiding cyber security dangers and ensure you don’t Take The Bait or Feed the Phish.

  • Pause before you click. Ask yourself:
    • “Is this how Elon normally communicates?”
    •  “Is this how job openings are usually shared?”
    • “Does Elon IT ever send emails for account verification or ask for my password or MFA code by email?”
    • “Does this match how Elon typically shares files or requests data?”If you are not sure, check with your supervisor. Elon will never ask for your password, credentials, or MFA codes by email.
  • Never scan QR codes in emails. Phishers now hide malicious links in QR images to get around link filters.
  • Report suspicious messages. If you receive a phishing or a suspicious email, report the email by using the “Report Phishing” button in Outlook or forward the message to infosec@elon.edu. Using the report button is quicker and will more efficiently provide containment and remediation of the attack.
  • Stay informed. Completing security awareness training will help you stay informed regarding existing threats, scams and attacks.  Hover over links to check for authenticity
  • If you receive a phishing or suspicious email, act fast. Your quick response will help to identify, contain and remediate the attack. If you do respond to a phishing email, contact the Service Desk immediately (X5200)

Protect Your Accounts

Be mindful of ways you can safeguard your accounts from phishing scams. Your vigilance matters. Every time you report a suspicious message, you’re helping protect not just your own data, but the entire Elon community. Staying alert keeps our classrooms, research, and operations secure. If you suspect an email is fraudulent, don’t just click; report it! Together, we can keep Elon’s digital spaces safe, secure, and thriving., such as these tips:

Have you been scammed?

If you think you’ve been the victim of a phishing scam:

  • Change any passwords immediately
  • Scan your computer or device for viruses
  • Review activity for email and accounts
  • Contact your bank to report that you may have been the victim of fraud
  • If your Elon issued computer or device has been compromised, contact Campus Technology Support immediately at (336) 278-5200