We have noticed a recent increase in the number of “phishing” emails coming to Gordon-Conwell email addresses. Phishing emails are scam emails designed to appear authentic; they attempt to deceive recipients into providing sensitive personal information by masquerading as people or organizations they know and trust. This detailed article from the Privacy Rights Clearinghouse has valuable tips for how to identify phishing emails and protect yourself and your personal account information from these attempts at identity theft: https://www.privacyrights.org/blog/watch-out-phishing-emails-attempting-capture-your-personal-information
Below is a 2-PART series titled
We hope that this will help you discern if you have received an email from a cyber-intruder. If you receive an email that appears to come from a trusted source but sounds suspicious and/or asks for personal information, please take precautions. Do not reply to the email, click any links in the email, or open any attached files. Instead, go straight to the purported source to verify the request (by phone or in person), and please forward the suspicious email to [email protected] for review.
Security is all about knowing whom and what to trust. When you receive an email, ask the following questions:
These are key questions you should ask every time you receive an email. The problem with phishing is that emails are purposely designed to appear authentic. This makes discerning a phishing email attempt quite difficult. In order to help you better detect a phishing email, we have provided you with: 1) a 5-minute interactive presentation and 2) a 5-minute quiz with real life examples of what an external phishing email may look like.
Step 1. 5-minute interactive presentation: https://www.consumer.ftc.gov/sites/default/files/games/off-site/ogol/_phishing-scams.html
If you are using a Mac, your Safari browser may not display the Flash content at this website. Please copy the link to a Google Chrome browser instead.
Step 2. 5-minute quiz: https://www.sonicwall.com/phishing/phishing-quiz-question.aspx
At the end of the quiz, please review your results and each of the corresponding explanations, particularly if you got an answer wrong. (Please click on every “why” link.)
If you receive an email that appears to come from a trusted source but looks suspicious and/or asks for personal information, please take precautions. Do not reply to the email, click any links in the email, or open any attached files. Instead, go straight to the purported source to verify the request (by phone or in person), and please forward the suspicious email to [email protected] for review.
In Part 1, we examined how security is all about knowing whom and what to trust. When you receive any email, ask the following questions:
In Part 2, we shall examine how an internal phishing email with a gordonconwell.edu FROM: address may appear.
STEP 1: Question
Say you are part of the Finance team at Gordon-Conwell. What if you received an internal email from someone important like the seminary president that looks like this?
In internal phishing emails, cyber-intruders usually try to mimic the most important person(s) in an institution to obtain personal information. Here, Question 4 above is important: Does the information requested sound like something the requester would ask me?
STEP 2: Validate
Although the email above appears to be from the correct person, do not naturally assume that it is from the seminary president. In many cases, cyber-intruders use a technique known as spoofing to trick the end user with internal-looking forged email addresses.
Here is a quick and easy way to validate the actual source of the email.
Double-click on the name of the sender.
Examine the email address.
Note: Please read carefully. In the example above, it is from g0rd0nc0nwell.net, not gordonconwell.edu or gcts.edu.
Close the email and remember: DO NOT CLICK SEND.
Please forward the suspicious email to [email protected] for examination and action.
STEP 3: Verify
In the event that the email address is valid (from gordonconwell.edu or gcts.edu) but the email still looks suspicious, contact the sender to verify the request (by phone or in person). If the email is from President Hollinger or anyone in leadership, remember to always contact their administrative assistant to verify as they may be traveling.
Whether you are part of our faculty, staff, or student body, take a moment to pause and always examine the source of the email. We hope that our 2-Part series has been informative and helpful for you. As an IT team, we are always committed to working with you. Together, we can ensure that your personal information and that of our seminary is secure.
Please contact us at [email protected] if you have any feedback or questions.
Do you have a technology-related issue or request? Let us know how we can help you!Email