No one needs your password
Emails asking you for personal information should be a red flag. There is simply no need to ever give anyone your password. Do not reply to any email or complete any form asking for your password, no matter how urgent they make it seem. This especially holds true to email appearing to come from Concord IT or Helpdesk, we have no need to ask you for your password.
Think before you click
Be very careful clicking links in emails no matter how legitimate they look. What they say and where they go can be very different. Scammers can easily redirect you to a malicious site that installs malware or ransomware on your pc. If the link is from someone you know, check with them first before clicking and make sure they really sent it, and that their account was not compromised.
Never click a link to change your Concord password, only change it at mypass.concord.edu (hand type the url). If you absolutely must know where a url goes, hand type it in the address bar, don't click it.
Avoid unexpected attachments
If you receive an attachment that you are not expecting, don't open or download it. If you know the person sending it, contact them through other means (don't reply) and ask them if they really sent the attachment. Otherwise it's best to just delete it.
Look at the sender's email address
If you receive an email from someone with a name you know but the email address doesn't look right, be skeptical. For example, if you receive an email from Apple and the sender's address is email@example.com, this is clearly not from Apple and is a scam.
Don't send social security numbers in email
If you are an employee or student at Concord, use your 774 ID number only. If it's necessary to give your SSN, do it in person, discretely, or encrypt your email, see How to send encrypted email for more information on email encryption. IT has safeguards to prevent the sending of social security numbers in email, but these are only effective when using university email. The best security is to simply not do it.
Warning signs and red flags
- The majority of phishing emails will have poor grammar, spelling errors, and poor syntax, or just doesn't make sense
- If you were cc'd on an email but you don't personally know the other people
- Asking for personal or account information should be a huge red flag that the message is a phishing attempt