...
A few quick tips can severely diminish the odds of one of these attacks succeeding - and if you have any doubts whatsoever about its validity, we IT will examine the messages and inform you of any further steps to take.
Reporting a message
Preserving the message headers will make it easier for us to analyze the message. This can be done by creating an attachment of the message in question (this is not the same as forwarding it). If possible, please follow the steps below when sending the message.
...
Very often, this can be an immediate red flag that something is amiss. You cannot necessarily trust the name itself on an email - instead, a good habit is to always check the sender’s email address. A well known company is very likely not reaching out to you via an gmail.com or hotmail.com address, for example.
There are generally no restrictions on what one sets as their name with email - it’s the same as you being able to freely sign a paper letter with whatever you want. You’re free to use your name, a nickname, or even someone else’s name. Checking the address will very often expose these kinds of social engineering attempts. Receiving an email with the name of a co-worker in no way guarantees their identity and these attacks are relying on your glancing over this.
If you receive such a message, and it’s not from an address you recognize (ideally, any and all Felician related correspondence should be coming from another @felician.edu or @students.felician.edu email address) then something may be wrong. Remember, security happens in layers - even this isn’t an absolute guarantee. If it sounds strange and it came from a Felician address, something may still be wrong!
Additionally, hovering your mouse over the link will show it to you. This can often be a crucial hint as to whether the destination is where you’d expect it to. Beware look-alikes as well! Just because the company name is in the URL does not guarantee its safety, such as:
...