What is Phishing?

A phishing email is a cyber-attack designed to gain unauthorized access to an individuals, or organizations, personal and/or sensitive information. Phishing emails are becoming much more sophisticated where they appear to orginate come from a trusted contact, are well written, and lead to a site that closely resembles the spoofed website. If you receive a communication that asks you to give your account credentials or personal information (for example, your social security number, birth date, or credit card number), DO NOT click the email link. Instead, go directly to the expected website and verify that the communication came from that organization.

Although spam filters are in place that remove many phishing emails, cybercriminals deploy an ever-changing list of techniques to bypass automatic detection. Below are three common phishing scams you may encounter at University of Richmond.

Financial Phishing Scam

Sometimes emails offering a way to make quick cash or pay for tuition are too tempting to resist. That’s why many phishing scams aimed at college students offer scholarships, student loan forgiveness, credit card debt consolidation or “good-paying” jobs.

Things to remember:
  • Just because an email looks real, doesn't mean it is. Scammers can fake anything from a company logo to the sent email address.
  • Check the company's website. Businesses typically post job information on their websites, not on Google Drive.
  • Be cautious of generic emails. Scammers try to cast a wide net by including little or no specific information in their fake emails. Always be wary of messages that seem overly general. If a recruiter was really emailing you, he/she should have your name and job title.

Impersonation Phishing Scam

Receiving an email from someone in leadership at a college, such as the President, is a very normal occurrence. Scammers also realize this and will attempt to impersonate someone in a leadership role. The intent of this type of scam is to get you to disclose sensitive information by replying to the email or by clicking on a malicious link.

Things to remember:

  • Do not disclose your password to anyone in an email.
  • If someone is asking for personal information from you, pick up the phone and call the person who is asking.

Gift Card Phishing Scam

A common scam taking place is for scammers to pose as a coworker, such as your boss or director, or a family member in need. The scammer gives a very believable story as to why they need a gift card. The scam is for you to buy the gift card, send over the numbers from the back and then then they will pay you back at a later time.

Things to remember:

  • Once a gift card code is revealed it is the equivalent of cash. There are no ways to recover funds once the code is given away.
  • The best way to avoid becoming the victim of this scam is to pick up the phone and call the person who is asking.
  • Gift Card scams can be reported to the FTC at https://www.ftccomplaintassistant.gov/#crnt&panel1-1


What can I do?

The FTC encourages everyone to file a complaint whenever they have been the victim of scams, identity theft, or other unfair or deceptive business practices. Complaints can submitted to the FTC at http://ftc.gov/complaint.

If you receive a phishing scam on your University of Richmond’s email please forward it to spam@richmond.edu. If you are unsure if it is a phishing email or legitimate, feel free to contact us at infosec@richmond.edu.