What is Phishing?
Phishing is a scam where attackers send emails pretending to be from trusted sources—like campus IT or a university VIP—in order to steal your account credentials. These emails may:
- Ask you to reply with your username and password.
- Contain links to fake websites that mimic real login pages.
- Ask you to complete a form that asks for passwords, banking information, or other sensitive information.
Even if the email appears to come from a @commonwealthu.edu address, it may be spoofed, or that sender may have had their account compromised. These messages often direct you to respond or submit information to an outside, non-commonwealthu.edu location.
Once scammers have your password, they may:
- Send spam from your account.
- Delete your mailbox contents to avoid detection.
- Forward all your email to their inbox.
- Access other university systems and data you have permissions for.
Common Phishing Tactics
Phishing emails often:
- Ask you to "verify" or "confirm" your account or say it will be deactivated due to inactivity or storage limits.
- Include urgent language to scare you into acting quickly.
- Mimic Commonwealth University branding (logos, addresses, and even real staff names).
REMEMBER:
Commonwealth University will never ask for your password or request sensitive info via email or a form. EVER.
Commonwealth University will never ask you for your 6-digit Duo code. EVER. If you get contacted by someone asking for this code, visit password.commonwealthu.edu to change your password immediately.
How to Spot a Phishing Email
Watch for:
- Poor spelling and grammar
- Odd formatting or inconsistent styles
- Generic greetings or no named sender
- Suspicious reply-to addresses (check email headers if unsure)
- Requests for personal info like passwords, country, or webmail URL
- Missing contact info (no phone number or legitimate person listed)
- Sense of urgency (e.g., "Act Now!")
- Asking for account verification, or threats of account deletion for non-response
- Strange or mismatched hyperlinks (hover over them before clicking)
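Two of the checks above, the reply-to address and mismatched hyperlinks, can be automated against a saved message. The following is an added example, not Commonwealth University tooling: the sample message, the `mail-verify.example` domain, and the names `check_message`, `addr_domain`, `url_host` and `Links` are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "commonwealthu.edu"  # the university domain named on this page
# Constructed sample message for illustration; not a real email.
SAMPLE = """\
From: "IT Help Desk" <helpdesk@commonwealthu.edu>
Reply-To: it-support@mail-verify.example
Content-Type: text/html; charset="utf-8"

<a href="https://login.mail-verify.example/cu">https://password.commonwealthu.edu</a>
<a href="https://password.commonwealthu.edu/">Change password</a>
"""

class Links(HTMLParser):  # collects [href, visible text] for each <a> element
    def __init__(self):
        super().__init__()
        self.links, self.open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.open = True
    def handle_data(self, data):
        if self.open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self.open = self.open and tag != "a"

def addr_domain(header):  # domain part of a From / Reply-To header value
    return parseaddr(header or "")[1].rpartition("@")[2].lower()
def url_host(url):  # hostname only, so a "user@" prefix in a URL is ignored
    return (urlsplit(url).hostname or "").lower()

def check_message(raw):  # returns a list of human-readable findings
    msg, findings, parser = message_from_string(raw), [], Links()
    sender, reply = addr_domain(msg["From"]), addr_domain(msg["Reply-To"])
    if reply and reply != sender:
        findings.append(f"Reply-To domain {reply} differs from From domain {sender}")
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href, text in parser.links:
        target, shown = url_host(href), url_host(text.strip()) if "://" in text else ""
        if shown and shown != target:
            findings.append(f"link text shows {shown} but points to {target}")
        elif target and not (target == TRUSTED or target.endswith("." + TRUSTED)):
            findings.append(f"link points outside {TRUSTED}: {target}")
    return findings
```

An empty result does not clear a message: a spoofed From address with no Reply-To, or mail sent from a compromised university account, passes both checks.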
Why It Matters
When one Commonwealth University account is compromised, it can lead to:
- Spam being sent from university servers
- CU mail servers being blacklisted across the Internet
- Email delivery issues for all CU users
If you're unsure about an email, don’t click links or enter credentials. Report it by marking it suspicious, or forward the message to phishing@commonwealthu.edu; our teams will take action as appropriate. Quick action on suspicious emails helps protect everyone!
If You’ve Fallen for a Phishing Scam
- Change your password immediately.
  This cuts off the scammer’s access to your account. Visit password.commonwealthu.edu
- Be prepared for fallout.
  If your account was used to send spam, you may receive angry replies and Non-Delivery Reports (NDRs) for several days. Compromised accounts often send tens of thousands of emails before being secured.
- Check for malicious mailbox changes.
  Scammers may:
  - Create rules to hide or delete incoming/outgoing mail. Use the “Recover Deleted Items” feature to restore any removed messages.
  - Delete or alter your email signature
  - Set a spam message as your signature
- Report the incident to phishing@commonwealthu.edu
If we detect that your account is compromised, we might reset your password to block the scammer. If we do, we'll send you a text if your cell phone number is known. This also locks you out. To avoid unnecessary lockouts, notify us once you’ve changed your password and regained control of your account.
Further Resources: