Wheaton College Color Logo

New and Changing: Updates from AIT

Posted June 9, 2016 by Academic and Institutional Technology
Tags: Phishing Attempts

Phishing Alert | "jonathan.blanchard"

Some employees recently received an email claiming to be a request for payment. The email includes a “drive link” to a payment form and asks the recipient to fill it out as quickly as possible.

This email is a phishing attempt. Do not click the link. Thank you to all who reported this scam.

If you responded to this scam, please contact us at 630.752.4357 (HELP).

How to Spot a Phishing Attempt

Phishing Example

The images above are screenshots of two different versions of this phishing attempt. Here are some indications that these emails are not what they claim to be:

  1. The sending email addresses do not match the name at the bottom of the email.
  2. The subject line is the target’s Wheaton username in firstname.lastname format and was almost certainly taken from their email address. While this does not always indicate a phishing attempt, it's still a sign to be more cautious than usual.
  3. The email is poorly worded and very ambiguous. Though it requests payment, the description gives no details of the reason, the amount, or the recipient of the money.
  4. Notice that both emails are intentionally vague. This is an attempt make the target feel it is necessary to click the link for more information.
  5. Both emails contain a reference to a “drive link.” Phishing attempts often use technical terminology to disguise how little information they contain. The link may take the target to an actual payment form, it may mine for personal information, or it may lead to a website that initiates a download of malware. It is never wise to click on any link in an unsolicited email, especially from a sender you do not know.
  6. Neither email contains a signature with pertinent contact information. Most organizations require some form of standardized signature that includes phone number, email address, website information. Although some phishing attempts will include a signature, most scammers do not want to be contacted and will not include this information.

Some versions of these emails are better at imitating legitimate requests than others. If you notice any of the warning signs listed above in an email you receive, do not click on the link or respond to the sender.

Always exercise caution when responding to emails. If you're not sure whether an email is a phishing attempt or not, contact us or call 630.752.4357 (HELP).