This targeted phishing scam impersonates the Information Security Office to create fear to cause the recipients to act, clicking on the malicious link.
Tips if Something Seems Off:
Double-check the email address before responding
Look to make sure the email address is correct. In Outlook hover your mouse over the sender name for the email to display. On a mobile phone or a touchscreen, press and hold the link (don't tap!) to reveal the actual URL. (Look in the bottom left corner of the browser window.) Don't click on a link unless it goes to a URL you trust. This phishing email example shows that the email originated outside of Auburn.
Follow up with the sender separately
If you didn’t expect it, reject it. Or follow-up with the individual directly in a separate email or call/text to confirm.
Hover over the link
Ensure that there are no signs of a potentially malicious URL or a URL that mimics a safelink. For example, https://x11.safelinks.protection.outlook.com could be a legitimate link. However, https://na011.safelinks.protection.outlook.com.url.protected-forms.com would not be a legitimate safelink.
Original Message
Warning
The links and email addresses included in these messages are from real-life examples, do not attempt to explore them.
The most dangerous links have been removed - you can hover your cursor over these links to see the original address in a pop-up techtip (instead of in the corner of the browser window).