Phishing emails on the rise: What to look for and how to avoid getting duped

Reports of tricky phishing emails, disguised as urgent messages from high-level administrators, are on the rise. Here’s how to avoid getting duped. 

• Check the sender. Some of the phishing emails are coming from spoofed accounts like “John.Doe.Purdue@gmail.com.” 
• If the request is asking for money, gift cards or access to sensitive information, double check with the alleged sender through a different channel, such as a phone call or Skype message. 
• If the request is to provide your personal phone number, don’t give it unless you’re absolutely sure it’s a legitimate request. 
• Think before you click. Don’t click on links or download attachments that you’re unsure of. 
• Report suspicious messages to abuse@purdue.edu by selecting the “report message” feature on Outlook for desktop, the Outlook web app or the Outlook mobile app. 

ITaP has received several reports of messages with attachments that look like a voicemail from a known colleague. Additionally, there are phishing emails going around that appear to be from high-level administrators asking for a “quick response.” Remember: Scammers try to create a sense of urgency  to get you to act. Slow down and think about the request before acting on it. 

It’s also easier than ever to report phishing emails using the “report message” addition to Outlook. Reporting a phishing email sends a report to the security team for immediate review so the scammer can be stopped. 

For more information and resources, visit Purdue.edu/securepurdue. 

Last updated: Nov. 3, 2020