Recognize and report scams and phishing attempts
Be vigilant and learn to spot and report phishing attempts and scam emails.
What phishing is
Phishing is a method of cybercrime where criminals use email, text, social media, or other types of messaging services to trick a victim into clicking on harmful links or downloading malware. Phishing is a type of social engineering tactic, where instead of going after the technology itself, the attacker is going after the victim themselves.
Falling victim to a phishing scam can put your personal information at risk, such as credit cards, social security numbers, banking information, and more.
ⓘ At NAU, we’ll always continue to educate our community on how to spot and report phishing attempts so that not only your individual information, but also sensitive student, health, and financial data, remains secure.
Common traits of phishing emails
- Incentives that seem too good to be true
- Attackers will often promise incentives like money, giveaways, or job offers.
- Urgency or threatening language
- Used to make you panic, oftentimes referencing scenarios where you’re in legal trouble, or your accounts have been compromised, and you need to take action.
- Spontaneous requests for personal information
- Legitimate organizations will never ask for sensitive information like passwords or account details over email or text.
- Mismatched or mismatched sender addresses
- Attackers may use similar-looking send addresses, like John@naucollege-edu.com
- Unfamiliar links or attachments
- Always hover over a link with your mouse cursor when able to see where they lead. If they look suspicious, don’t click on them. Never download any attachments from a sender you don’t recognize.
- Poorly written content
- Oftentimes, attackers will have grammar or spelling mistakes in their writing.
- However, with the rise of generative Artificial Intelligence tools, many phishing emails may appear perfectly well written, so be sure to be extra cautious when verifying the validity of a message.
What to do if you think you’ve caught a phish
If you receive a suspicious email, don’t click on any links or take any action that the message is asking. Immediately report the message to ITS in one of the two ways.
- Report the message directly in your email application with built-in tools
- You can use built-in reporting features inside of Microsoft Outlook and Gmail to report the message. You can read our Knowledge Base article on how to report a phish directly in your email client.
- Forward the message to ITS
- You can also report a phishing message to ITS by forwarding the message to phishing@nau.edu. Remember not to click on any links or interact with the message, just forward it.
ⓘ If you’ve fallen victim to a phishing email and clicked on any links or taken any action requested by the sender, immediately contact the ITS Service Desk.
‹ Back to the 2025 Cybersecurity Awareness Month Overview
