Spam/Phishing Attempts – GCU Technical Support

In today’s digital world, staying safe online is more important than ever. One common threat you might face is phishing emails and text messages designed to trick you into sharing personal information like passwords, credit card numbers or other sensitive data. Unfortunately, multiple universities have seen that their students are being targeted by these attacks. At Grand Canyon University (GCU), we have seen multiple phishing attempts specifically targeting our students. These attacks may often appear legitimate at first, and sometimes even come from compromised university email accounts. This article will explain you what phishing is, provide some of the recent examples, show you how to spot it, and tell you what to do if you see it.

What is Phishing?

Phishing is a malicious attempt to steal your personal information or trick you into giving away passwords, account details, or credit card numbers. These attacks often come in the form of emails or text messages and sometimes include links or attachments that could infect your device with malware or viruses. Phishing can take many forms, but the goal is always the same: to deceive you into sharing your personal information.

Examples of Phishing Attempts

To help you better recognize phishing attempts, below are some recent examples that have targeted GCU students.

IMPORTANT There are multiple different ways a phishing email and text message can appear. Do NOT assume that the email or text message is safe just because it isn’t listed on this article.

PERSONAL ASSISTANT/REMOTE JOB OFFER FOR STUDENTS

This phishing email offers a part-time personal assistant job with flexible hours and $500 weekly, asking students to click on a suspicious link.

JOB OPPORTUNITY

This phishing email promises a flexible part time job with $510 weekly pay and directs students to a link to apply, potentially leading to fraudulent sites.

ALERTGCU NOTIFICATION

This phishing email pretends to be a GCU account deactivation notice, telling students to click on a link to confirm their email status, which may eventually lead to stolen login credentials.

How to Identify Phishing Attempts?

Phishing emails can look like official emails from GCU or from a fellow student or instructor. However, there are different ways to tell the difference between an official email and a phishing email. To help you identify phishing attempts, here are the top 5 things to look out for when evaluating suspicious emails:

Strange Sender Information

One of the first spots you should check when examining a suspicious email is the sender’s address information. Of course, any messages sent from strangers or lists to which you’ve never subscribed to are cause for concern but be wary of more “normal” looking addresses, too. To trick you into opening an email, hackers commonly pose as reputable companies such as banks, stores, and even universities. Always double-check the sender's address to be sure there aren’t strange characters like unnecessary commas and periods, misspellings, or added numbers inconspicuously hiding in the sender’s email address. Even if the email seems to have been sent from someone at GCU, you will still need to watch out for the other signs of phishing! If you believe the email is from GCU, it should be coming from reputable departments such as our Career Services. We also recommend keeping in mind that some departments like Technical Support will never contact through text messages.

Personal Information

One of the most common email scams is phishing. A phishing email will ask you to provide personal information such as credit card numbers, passwords, or account information. To further convince you to give out your most private data, these emails typically rely on creating a false sense of urgency, information that seems too good to be true, and other tactics to access your information. To avoid falling victim to phishing emails, never give out your personal information via email unless you’re certain the email is legitimate. Any email from GCU, will always ask for FERPA verification before they release information or ask you to release information and GCU will never ask for a credit card, password, or social security number through email.

Harmful Attachments

Along with questionable content, a majority of dangerous emails contain an attachment. In fact, recent studies found that a whopping 85 percent of malicious emails contained an attached file in the form of .DOCX, .XLS, .PDF, .ZIP, or .7Z. While not all attachments are harmful, you should be extremely cautious if you weren’t expecting to receive an attachment via email. Compromised files can contain viruses and other malware designed to attack your computer once downloaded and opened.

Suspicious Links

Similar to attachments, emails containing links you don’t recognize or were not expecting to receive are another tell-tale sign you can use to identify a dangerous email. Most dangerous links will either be incomplete, to a site you’ve never heard of, or even consist of jumbled letters and numbers. Before clicking on any links, hover your mouse over the link to preview the URL safely.

Urgent/Threating Language

One way that people can trick you into missing other phishing indicators is by creating a sense of urgency or panic to claim a gift or avoid a penalty. This type of pressure can cause victims to let their guard down and forget the other signs of phishing. If an email promises free concert tickets for filling out a survey, they may be phishing for your personal information. If a suspicious email threatens to drop you from your program in 24 hours due to non-payment, then asks for your billing information, you should reach out to your counselor to discuss it directly.

How to Report Phishing Emails?

If you believe you have a spam or phishing email, you should report it immediately. To report these emails in the Microsoft Outlook Web App, select the Report tab from the toolbar at the top of the page and then select Report Phishing from the drop-down menu.