Alerts

Information Technology

Recognize & Report Suspicious Emails

While email is an easy and convenient way to communicate with others, it also provides cybercriminals an easy means for luring potential victims. One of the most damaging scams for individuals and schools when it comes to these scams is phishing.

Phishing is an email scam designed to trick you into doing something that you shouldn’t like divulging sensitive information, wiring money, or installing malware. In fact, phishing is the most popular way for cybercriminals to breach schools and organizations. While Aims’ email protection measures block tens of thousands of malicious emails each day, technology alone is not enough. You are the most important factor in preventing a successful phishing attack.

Recognizing Email Scams

Keep an eye out for the following red flags in emails to protect yourself and the College:
 

Email scams are often poorly written, containing grammatical and spelling errors.

Bad actors rely on social engineering tactics designed to elicit an emotional and immediate response based on fear or excitement. Be on the lookout for words like “urgent” and “important” aimed to get you to take action without thinking twice.

Bad actors often create convincing replicas of legitimate looking email correspondence and online portals. Think twice about providing sensitive information or passwords if something is amiss.

Malware and other malicious actions are delivered through links and attachments. Only click on links or attachments from a legitimate sender that you were expecting. 

Cybercriminals typically send out email scams en masse to many recipients. Be wary if you see non-personalized greetings like "Dear Member" or "Dear Sir/Madam."

Email scams often leverage email accounts that were previously compromised or set up using a free service like Gmail. Similarly, they use fake websites with slightly altered names to trick people into clicking links, or they might use a service like Google Drive or OneDrive to host content that contains malicious links. Be suspicious if an email seems odd or out of character for the sender.

Reporting Suspicious Emails

Please report definite and suspected phishing messages to Information Security. Even if it’s obvious to you that it’s a scam, it was likely sent to others who may not think it’s so obvious. The sooner we know about it, the sooner we can work to prevent risk to the College.

  1. If you receive a suspicious looking email, click on the PhishAlarm button located on the right-side panel of Google Mail in your web browser.
    Suspicious email
  2. You will receive a confirmation message. Click REPORT PHISH.
    PhishAlarm Button
  3. Confirm by clicking REPORT PHISH again.
    PhishAlarm Confirm
  4. You may now close the PhishAlarm window by clicking the X on the top-right.
    PhishAlarm Complete
  5. Aims Information Security will email you shortly after with a conclusion based on their analysis.

  1. Forward the email to phishing@aims.edu.
  2. Aims Information Security will email you shortly after with a conclusion based on their analysis.