Hi! Unfortunately you provided your information on a phishing email exercise. No worries! This was done by ITS as announced in the Digest as a learning exercise. None of your data was collected and results remain anonymous.
We just wanted to show a plausible phishing message and to teach you how to possibly site such scams and avoid sharing sensitive information with them.
- The sender’s email address had nothing to do with the professor’s name and it had nothing to do with a legitimate office on campus. Also, the sender’s email address misspelled Siena.
- The professor named in the email is not a Siena professor. You should search the Siena website to see if the sender is a real person and if there is any doubt or suspicion about the message, reach out to the person through another channel (phone, face-to-face).
- Shouldn’t an email like this have come from a professor or department you are familiar with such as Student Life, a department associated with your major, or the Career and Internship Center (CareerSaint)?
- The links in the email (if you hover over them) appear to be suspicious and they direct you to log in to a Google account.
- Unsolicited job offer emails are a very common scam—you should always be wary when you receive an email like this.
- Phishing emails often have generic greetings and signatures like this one. If an email does not mention you specifically by name, it is a red flag.
- Always exercise caution when an email creates a sense of urgency. The email says there is an “urgent” need for employees and there are only 3 positions available which makes people feel they need to act quickly due to fear of missing out on an opportunity. Social engineering tactics exploit our basic human impulse to respond to urgent requests.
- There is strange phrasing, missing punctuation, grammar issues, and formatting anomalies in this email. Grammar, spelling, missing or incorrect punctuation, and odd layouts are huge red flags that the email is coming from a malicious source.
- You should always exercise caution when an email asks for personal information such as name, email, address. This is usually a sign of a phishing attack or scam.
Students should be especially wary of job offers such as the one below where the job might seem too good to be true (work from home, high pay, easy workload), especially if the job offer is unsolicited (you did not apply for the job being offered). If an unsolicited job offer requests your name, phone, address, or other personal information, you should not reply before verifying that the email is legitimate. The first tip-off that this email is not legitimate is that the subject line is requesting research assistants, while the body of the email mentions administrative assistants.