Phishing is when a criminal tries to trick us into sharing sensitive information or downloading malware. They may impersonate trusted individuals, organizations and businesses.

Phishing comes in many forms — like email, text, shared Google Docs or even calendar invites.  Scammers often share links that can harm your device or send you to a fake website or log-in page. And one wrong click or log in puts you and the university at risk.

Common scams that target our campus community include:

• University account issues
• Payroll and pension review scams
• Student job offers

To avoid these and other phishing scams, always remember these three tips:

1. Be Suspicious

• Be wary of anyone asking for your contact, financial or login information.
• Always verify the sender’s email address, even if it seems familiar.
• Assume that any threat or request for money is a scam. Do not respond or send payment.

2. Take Your Time

• Hover over links — or carefully press and hold on a mobile device — to see where they point. If the destination is unclear, it may be a scam.
• Before you log in to an NC State Shibboleth page, check the URL. It should always start with shib.ncsu.edu.
• Look out for these red flags:
  • A sense of urgency
  • Unexpected messages
  • Offers that are too good to be true
  • Generic language
  • Typos

3. Ask for Help

Protect yourself and the university community by reporting any suspected phishing. Use one of these methods to report it directly to the Office of Information Technology (OIT) Cybersecurity Operations team:

• Use Gmail’s built-in reporting feature:

1. 1. On a computer, open the suspicious email.
   2. Click the More option (three vertical dots) at the top-right corner.
   3. Select Report phishing.

• Send suspicious emails to phishing@ncsu.edu.

More Resources

• Subscribe to OIT News for monthly cybersecurity tips.
• Read the newsletter archives for previous tips.
• Watch OIT’s phishing video.