Fake Payment Notices, Receipts, and Invoice Scams: A Growing Threat

GHC’s Cybersecurity team has been receiving a steady increase in reports of phishing scams involving fake invoices, sales receipts, and other forms of payment requests. The universal goal of these scams is to trick you into clicking before thinking, by either responding to these messages or visiting a malicious website. Please remain vigilant for the warning signs of phishing:

  • The message asks you to confirm some sort of personal information or payment request.
  • The sender address doesn’t look genuine or doesn’t match the purported sender.
  • The email is poorly written, contains grammatical errors, and/or uses incorrect terms.
  • The message is overly vague and lacks key information addressing the “Five Ws”.
  • The message creates a sense of urgency or attempts to convince you that you’ve made a serious error.

 

A few examples of these scams are provided below:

You can see how this first example matches multiple warning signs listed above: The sender address is odd, the message is overly vague, creates a sense of urgency, and is missing key information. It doesn’t explain what the supposed late payment is for or even provide the name of the company the payment is for.

 

In this second example, we can clearly see a Gmail address masquerading as an automated Target order confirmation notice. Again, you should immediately notice an overall lack of information and an unnatural use of language.

 

In this last example, we see the same warning signs of a scam (a Gmail address being used for an order confirmation notice) and a lack of detail. This message also includes multiple links, which almost certainly lead to a malicious website set up to steal your PayPal account credentials, personal information, and/or trick you into downloading malicious software.

If you receive a suspicious email, you can report it to IT by forwarding it to our ticketing system (rt@highlands.edu). Since we are not able to vet every report of phishing in detail, we ask that you remember the golden rule of email: When in doubt, throw it out!