Phishing E-mail

What is Phishing?

Phishing is electronic fraud commonly carried out through malicious e-mail attempts to gather personal information. These e-mails appear to come from reliable sources and often contain urgent requests that require the recipient to provide personally identifiable information (PII), such as passwords, credit card account numbers, and Social Security Numbers.

NOTE: Northwestern University will never ask for personally identifiable information.

Recent phishing attempts to the University community have included password expirations warnings and requests for NetID passwords, Social Security Numbers and credit card information. The consequences of responding to these bogus e-mails can be devastating to the University as well as to the individual providing the PII.

Protect the University Network

The Northwestern E-mail Defense System (EDS) will prevent the majority of viruses and messages that carry malicious code from reaching the University community. However, as scammers become more sophisticated, the best line of defense is an educated user.

When you receive an e-mail requesting personal information follow these best practices:

• NEVER reply to an unsolicited e-mail that asks for your personal information. Remember, Northwestern University will never request personal information via e-mail.  Other institutions (your bank or credit card company) would not e-mail you requesting this type of information either.
• DON'T click on links directly from e-mails. Open a new browser and type the address yourself.  
• BE WARY of messages with suspicious or awkward language. E-mails from NUIT are always in plain text. They will not include exclamation points or colored hyperlinks.
• DELETE messages you confirm or recognize to be phishing attempts from your "Inbox" and your "Deleted Items" folder to avoid accidentally accessing the Web sites within the bogus e-mail.
• DO NOT send personal information through e-mail.
• USE and regularly UPDATE anti-virus and anti-spyware software as well as a firewall.
• BE CAUTIOUS about opening any attachment or downloading any files from e-mails you receive regardless of who sent them.

Know What to Do

Phishing is becoming more popular because of the readiness with which unsuspecting people often divulge personal information. Have a security mindset and be skeptical of any unprompted requests for personal information.

If you are unsure about the legitimacy of an e-mail, immediately send an e-mail to consultant@northwestern.edu before you follow any of its instructions.

Users who have responded to a phishing e-mail must change their NetID password immediately and call the NUIT Support Center at 847-491-HELP (4357) to report the bogus e-mail and to receive further instructions, if necessary.

• Recent Phishing e-mails
  
• Phishing Attempts at Northwestern University 
• Guard Against Social Engineering
• NUIT's E-mail Defense System
• The Federal Trade Commission
• Anti-Phishing Working Group
• The Internet Crime Complaint Center (ICCC)
• National Consumer's League's phishinginfo.org
• OnGuardOnline.gov Phishing Quiz

NUIT Support Center

Central helpdesk for faculty, staff, and students.
847-491-HELP (4357)
consultant@northwestern.edu