What You Should Know

It is the responsibility of all Elon users to be knowledgeable of ways to protect both university and personal information. These common terms and definitions can help you identify and stay aware of the ever-evolving threats we all face online.



E-mail Spoofing

E-mail spoofing involves sending an email that pretends to be from a well-known company, a close family member or a respected individual from your organization. Spoofing can be carried out in person, over the phone or via malicious pop-up windows or “spoofed” (fake) websites.

Link (hyperlink)

A link can be disguised as a word, phrase, picture or icon on a website, in a computer document or included in an email on which a user may click to move to another part of the document, another document altogether or a totally different website. Links can also execute code and download programs to your computer. Because of these types of activities, it is very important to know what the link is doing before you click on it.


Malware includes viruses, spyware and other unwanted software that gets installed on your computer or mobile device without your consent or knowledge. These programs can cause your device to crash and can be used to monitor and control your online activity. They also can make your computer vulnerable to viruses and deliver unwanted or inappropriate ads. Criminals use malware to steal personal information, send spam and commit fraud.


Phishing generally happens in two ways – social engineering (defined below) or email. E-mail phishing attempts to obtain the university’s or your private information, passwords or account numbers. These emails use deceptive means such as forging the sender’s address and often ask for the reader to reply, call a phone number or click on a link in the email.


Smishing is spoofing/phishing messages that come through your phone via voice or text. Generally, these messages will contain a fake phone number to call or link to click on. Most smishing messages will look like they come from banks, PayPal, Western Union or some other financial institution and will create a sense of urgency by instructing you to take immediate action to check an account, stop a payment, check a balance, collect money wired to you or immediately change your password because your account was compromised.

Social Engineering

Social engineering, in the context of information security, refers to the manipulation of people into performing actions or unknowingly divulging confidential information to an unauthorized third-party or individual. Generally, the purpose of social engineering is to gather information in order to commit fraud or gain access to data and information. Generally, social engineering differs from a traditional scam in that it is often one of many steps in a more complex fraud scheme.

Spear fishing

Spear phishing, like regular phishing, is an attempt to gain private information in a sneaky way. The difference is that spear phishing attempts are generally aimed at a specific target, whereas as regular phishing will cast a wider net among a larger group of people.

Two-Factor Authentication

Two-factor authentication requires both a password and an additional piece of information to log in to an account. The second piece could be a code sent to your phone, or a random number generated by an application or a token. This protects your account even if your password is compromised.