Quick tips for how to recognize common scam techniques, examples of scams targeting Wheaton College, and what to do if you think you’ve been scammed.
What is a Phishing Scam?
Phishing occurs when a scammer attempts to steal information by posing as another person or organization. Most phishing attempts occur over email and target data such as username, password, financial information, or legal documentation such as a driver’s license number or Social Security number.
People responsible for phishing scams often target institutions like Wheaton College because of our size and because of our institutional identity. Some will be targeted toward specific populations such as students or employees. Sometimes, scammers even go to elaborate lengths such as incorporating the College logo, changing the send address to look like it is being sent by a college department, or creating a webpage that looks like the Wheaton website or Portal.
Beware these Common Tactics
- Unsolicited Job Offers
- Sign in to Verify Your Account
- Unlock Your Account
- Unusual Activity Noticed On Your Account
How to Spot Phishing Scams
- Phishing scams typically create urgency to avoid scrutiny. They often present the recipient with a problem or an opportunity and tell the recipient that they must quickly provide more information in order to proceed.
- Phishing scams create trust through impersonation but have trouble with the details. If you receive an unexpected email, verify that sender's name, email address, organization, and signature make sense. If the information doesn’t list come from a valid email address and include a valid campus extension, that’s an indicator that the message is a scam.
- Example: If someone claims to be Jordan Smith, who works for Wheaton College Academic and Institutional Technology, but their email address is email@example.com, it's a phishing scam.
- Example: If an email says it’s from firstname.lastname@example.org, check to ensure that the address is valid. In this case, it’s not. Check for a Human Resources signature that includes the office phone extension and information about who to contact with questions.
- Phishing emails frequently contain links to a different page than they advertise. To avoid being taken somewhere you don’t want to go, copy and paste the link into your browser and check to see if it looks valid rather than clicking the link in the email.
- Phishing emails frequently contain links to pages that ask for personal information. Whether it’s an online form or a page asking to verify your username and password, it’s never wise to enter information in response to an unsolicited email.
- Phishing sites may look like the real thing, but the address will be wrong. Before you log into an online account, double-check the URL of the page you're on. Phishing attempts are often sophisticated and look almost exactly like the site you're used to. Be sure the URL matches what the site is claiming to be.
- Example: An email links to a site that contains the Wheaton logo and looks like the Wheaton portal. When you check the URL bar, you realize that although the site claims to be from Wheaton its address is mylife.au/a34fcuorenbs. You realize that it is not a valid Wheaton site because the address does not include “wheaton.edu.”
Phishing attempts can also happen over the phone. Be wary of unexpected phone calls, and research the caller before giving more information. Social phishing occurs when a person pretends to be affiliated with an institution in order to access confidential information or a restricted area.
Often, the scammer will contact a specific individual in person, over the phone, or via email. Because the contact is person-to-person, the target tends to be less suspicious. Always double-check someone's credentials before giving them more information. If they're legitimate, they'll understand and appreciate your caution.
Recovering After a Scam
- If you think you might have fallen for a phishing scam, you should take the following steps:
- Change your password. If you use the same password for any other accounts, change those passwords as well.
- Report any emails you received as part of the phishing scam to Academic and Institutional Technology.
- If College data could have been compromised, contact us and let your supervisor know what happened.
- If personal information (such as driver’s license, Social Security number, or passport) has been given to the scammers, you are a victim of identity theft. Contact Public Safety and Academic and Institutional Technology for assistance.
- Watch your accounts for any unusual activity.
Learn how to spot a phishing scam by looking at real examples from our students, faculty, and staff.