Check out the following video on how to identify and protect yourself from scammers and Internet threats!
Email scams, also known as phishing, come in many flavors. We try to help you protect your personal information below:
Below is an example of a phishing scam email. While the email says from “Virginia Commonwealth University” one clue to indicate that this is a phishing attack is that the domain is not a vcu.edu domain email.
Email Scam [View Image]
[dropcap]T[/dropcap]ell-Tale signs of a Email / Phishing Scam:
When you see a link in an email, it is very important for you to check the legitimacy of the link before clicking on it, as some of these links leads to malware and virus downloads that can infect your computer. To check for the true destination of a link, simply hover your mouse over the link, and the true destination of the link will appear next to the link, or near the bottom of your screen.
Additionally, attachments in emails can also be used to infect your computer or steal your information, and the attachments should never be opened if you are unsure of the legitimacy of an email.
The above email sends you to a phishing scam web page. While the page may look like the authentic VCU Central Authentication Page , the image below shows that the webpage has a non-VCU web address:
Scam Webpage [View Image]
[dropcap]H[/dropcap]ow do I identify non-VCU web addresses?
Malicious web pages will always try to fool you into thinking that they are legitimate sites, one definitive way to identify whether if a link is legit is to look at the link destination. To look at the link destination without clicking on the link, you can simply hover your mouse over a link to reveal its true destination. In a browser, you can simply look at the URL or address bar at the top of your browser to identify the destination of a link. Please keep in mind that you should not click on links without verifying the link destination first.
The link destination should always be read backwards, where the true destination always appear just before the first “/” and after the “http://” or “https://”
For Example, the following screen shows a web page that appears to resemble the VCU web mail login page.
However, upon close examination, you will notice that the link destination or URL is:
Although “mail.vcu.edu” appears in the link, this is not a VCU page at all. As you can see below, the website in this case is fgdsgtdZx.com, as fgdsgtdZx.com appears right before the first “/” and after the “http://” or “https://”
Clicking a link that looks innocent can compromise your account and cause it to be used to send thousands of spam emails. Remember, VCU will never ask you for your eID or password via email.
[dropcap]H[/dropcap]ow do I Report phishing emails and who do I contact for more questions?
If you have any concerns about the validity of any email you receive, or to report a phishing scam please contact the VCU IT Support Center (828-2227, firstname.lastname@example.org) for assistance.
For more information and tips on how to identify phishing scams, please visit our Phishing Prevention Training.
Click the Name
Click the Name Again
Voila! We can see this NOT a legitimate VCU email. Now we should forward this email to email@example.com so they can take appropriate action.
Click the ‘tiny’ arrow
Great! Now we can see who sent this email. This is not a legitimate VCU email. Now we should forward this email to firstname.lastname@example.org so they can take appropriate action.