COVID-19 scams persist and some students are falling for them: What to look for and how to avoid being phished

Email subject lines such as “APPLYING FOR BENEFITS ONLINE FOR COVID-19 CLAIMS” should be ignored and reported using either the “Report Spam” button in Outlook/O365 or forwarded as an attachment to abuse@purdue.edu.

But don’t expect the phishing scam emails to stop there. As classes begin in another semester disrupted by the COVID-19 pandemic, cybercriminals want to capitalize on the lack of in-person interactions and confuse employees and students.

What are they looking for? Passwords, social security numbers, credit card numbers, cash from a wire transfer, and more. Other examples of recent phishing subject lines include “Memo: From the HR Dept,” “Process has begun by our administrator.”

Never purchase a gift card or other items with your own personal credit or debit card, even if you think the request is real.

Don’t give out your private information without double-checking the source on another communication channel. Give your boss a call if something doesn’t seem right to confirm. Send a message via Teams or text to their personal number to see if the email request is legitimate. If you have any doubts, do not respond at all.

If you know an email is a phishing email, you can report it via Outlook and Office 365’s “Report Spam” button. You can also forward the email as an attachment to abuse@purdue.edu.

Phishing scams often involve similar tactics and tricks, including:
  • Provoking fear or urgency. If the email asks that you act fast to avoid a serious consequence, be suspicious.
  • Asking you to click. If an email says to click on a link, move your mouse to hover over it to see where it actually leads. If you think there may be a problem, don’t click.
  • Vague language. If the email is addressed to no one or a generic greeting such as “colleagues” and contains few details, it’s likely a scam. Look for spelling and grammatical errors as well.
  • Emails coming from @purdue.edu email addresses may seem legitimate, but if the email is asking for personal information or access to data or accounts you oversee, double-check with the sender via another communication channel.
Visit the Secure Purdue website, https://www.purdue.edu/securepurdue/, for more information about staying safe online and keeping your personal data and Purdue's data secure.

Last Updated: January 22, 2021