RE: Increased Phishing Attempts


Dear Colleagues,

Many of you may have noticed an increase in phishing attempts. In today’s world, we must all be skeptical of emails (especially those that are unsolicited), which ask us to verify/ reset our accounts, enter passwords, provide personally identifiable information such as SSNs, or open attached documents.

Fortunately, there are a few basic red flags. Typically, you will find more than one of them in any given attempt.

  • Unknown sender addresses.
  • Unknown or unrecognizable links.
  • Threats of account suspension.
  • Bad spelling/grammar.
  • Although it claims to have come from Office 365, Microsoft, etc., something about the message just doesn’t look right.

For example, today, the following phishing attempt was received by several employees.

phishing attempt was received by several employees

The above message appears to be from MS Outlook and includes an “official” footer; however, there are several red flags.

  • An unrecognizable sender address.
  • Poorly structured grammar.
  • Messy links (,couldn’t)
  • Unknown link for “validate here”.

Some messages are short and concise…

Some messages are short and concise

While others use esthetics to add an air of legitimacy…

others use esthetics to add an air of legitimacy

You will notice, however, all of the above messages contain the same red flags, which allow us to recognize them as being fraudulent.

Another important reminder: be aware of phone phishing (vishing). It is not uncommon to get calls from people claiming to be from Microsoft, the IRS, etc. These are just scams to hijack your computer, pressure you into giving them money, etc.

ITS encourages you to read more on how to recognize phishing attempts where you can also view short video and take a short quiz.