Phishing Scams and Prevention

Phishing scams are very common, and typically come in the form of an email. The basic idea behind them is to get you to click on a link that copies your personal information or gets you to send something back that provides them with your personal information.

Northeastern ITS has resources to help you identify and prevent phishing emails. They maintain a “Phish Bowl” in which you can look up phishing emails that have been sent to Northeastern users, reported to ITS, and confirmed as phishing emails. Please see this link to view the Phish Bowl: https://security.its.northeastern.edu/phishing/

If you receive a phishing email, do not respond or lick any of the links. You can delete the message, report it using the “Report” > “Report Phishing” feature on your email, or forward it to [email protected] to investigate.

Common scams

“Jobs Opportunity” or “Work Opportunities” or “Opportunities Staff and Student Jobs Are Available Immediately”

  • These are common subject headers for phishing emails that have been reported to Northeastern’s ITS and confirmed as phishing.
    • They may seem like a legitimate subject line, but if you look closer at the email you might notice some discrepancies. The actual email address could be random or non-Northeastern, there could be mis-matched text formatting, spelling or grammar error. If it is asking you to apply via responding to the email or clicking on a link to an unknown site, these are also potential red flags. Further, if something is “too good to be true,” it probably is.
  • Northeastern-approved jobs are posted on N.U.Works, not via random links and PDF applications.

“COMPLETE THE VERIFICATION PROCESS” or “We received notice that your account is being terminated”

  • The sender may spoof a Northeastern user or department.

The message may read:

“Open attachment and fill in correct details to start you verification process.”

  • If you are not expecting an email to “verify” anything or open an account, etc. this is probably a scam.
    • If you are expecting an email regarding a verification or on-boarding process (e.g. for a new job), you can confirm with the direct person who hired you (or a known contact from the company or department) if this email is indeed connected to the job/process you are starting.
    • If it is from what appears to be a Northeastern University email but seems suspicious, you can search on a Northeastern official website for an email or phone contact and email them separately to confirm if they were the ones who sent you the email. Find the email independently on the website and email them directly, do not respond to the suspicious email, even if it appears to be the same as the official email address you found.

“Got a minute?”

  • The sender may appear as [name]@gmail.com or spoof a Northeastern user or department.
  • The message may read:

“Send me your available cellphone number # that I can reach you at.

Best Regards,

[name]

Dean

College of Arts, Media and Design

  • This and similar emails have already been reported and confirmed as phishing to Northeastern ITS. You can report as phishing again, or simply delete the email.

“ACTION REQURED: STUDENT’S FUNDING”

  • The sender may spoof a Northeastern user or department.
  • The following message has been reported to and confirmed as phishing by Northeastern ITS:

“*You may disregard this automatic email if you have already submitted in Student Funding e-form and it is pending review by OGS*

Dear [name]

The Office of Global Service (OGS) has some important information below for you. Please follow the following process so we can properly assist you.

If you have arrived in the U.S. this term:

Once you arrive in the U.S. and confirm your attendance at school, you are required to have a open an bank account of any local bank. After the account is set, you should have at least $100,000 in your bank account for at least 2 months, and we will hold these part of money temporarily for as a certification. This certification will be used for Northeastern University to estimate your capability for your continuous attendance in your program studying. After the certification is reviewed and your qualification is confirmed by us, we will send an email to you to inform you of your status updated and release your money in the bank.

If you have prepared your funding, please click here to submit the Student Funding e-Form. This e-form is required for all F-1 students who begin their first term in Northeastern University, thanks for your understanding.

If you are having problems accessing the E-Form, please email [email address] or call [phone number]. We look forward to hearing from you and support you. 

Regards,

Office of Global Services”

How to avoid & helpful tips

Quick tips:

  • Know your sender–Don’t open attachments or click links in email from unknown senders. Look at the sender’s email, not just their name. Is there anything wrong with the email—perhaps a misspelling or a random number in place of a letter?
  • Know your content–Hover over links to verify the URL. Don’t download or open attachments unless you trust the sender.
  • Keep Your Information Private–Never provide your Northeastern credentials over email. Be especially suspicious of emails asking for sensitive or personal information.
  • Know the SignsFamiliarize yourself with common phishing techniques and red flags.

Never approve a DOU 2FA authentication request that you didn’t initiate. If you receive a notification you didn’t initiate or that seems suspicious, please this guide for “When not to approve a DOU 2FA authentication request

Click here to see Northeastern ITS FAQ page on Reporting scams and identity theft.

For more information on how to detect and report email spoofing, please see Northeastern’s resources here.