Email Phishing Guidance 

Concordia University, St. Paul members are to be on the lookout for false emails or phishing emails. Higher Education is one of the most targeted industries for phishing attacks. In recent years and months, there has been an increase in phishing attempts on universities. 

We encourage campus members to contact the Help Desk with any future emails that look suspicious. As an end user, these are tips to help identify phishing emails:

• Check the Sender's Email Address - Be cautious of unknown or suspicious domains.
• Look for Personalization - Beware of generic greetings or emails that do not address you directly.
• Avoid Clicking Unfamiliar Links - Hover your mouse over links to see the actual URL. Verify that the link matches the content and the sender's intention.
• Avoid Requests to Go to a Different Email Account – if a person does not want to continue communicating with you on your @csp.edu account, it is not official university business. Our @csp.edu email domain is our official communication channel per our university policies.
• Beware of Urgency - Phishing emails often create a sense of urgency to trick you into taking immediate action.
• Watch for Spelling and Grammatical Errors - Phishing emails may contain noticeable spelling and grammatical errors.
• Think Before Sharing Information - Be cautious about providing personal data, passwords, or financial details.
• Stay Informed - Keep yourself updated on the latest phishing trends and tactics.
• Report Suspicious Emails - If you receive a suspicious email, report it to the IT department. Reporting helps protect not only yourself but also the entire campus community. 

Even with the most diligent of work to prevent phishing exercises, people still might fall victim to a phishing attempt. If you are a victim of a phishing attempt, these are things you should do to mitigate challenges.

• Change any passwords of accounts that correspond to the fraudulent activity. 
• Know the steps to follow and get a recovery plan at https://www.identitytheft.gov/. This website provides a step-by-step guide for recovering from identity theft. It's a valuable resource to understand the necessary actions to take.
• Contact the local police department. Report the incident to the local police is essential for documentation purposes and to initiate any necessary investigations.
• Contact the Consumer Financial Protection Bureau. Contacting the CFPB ensures that you have a resource to address any issues with financial institutions. They are there to assist and advocate on your behalf. -  (855) 411-2372
• Report the Fraud at the FTC - https://reportfraud.ftc.gov/#/ or 877-IDTHEFT. Filing a report here contributes to overall data on scams and can potentially lead to investigations.
• File a Complaint through the FBI at the following website - https://www.ic3.gov/Home/ComplaintChoice. Select the Business Email Compromise option.  Provide the necessary information, including mailing address, email address, phone number, description of the incident, bank information if you provided those details, Recipient bank info if you have that information, and transaction dates.
• Monitor all potentially affected accounts for suspicious behavior and report immediately to the corresponding authorities if identified.
• Contact Credit Reporting Agencies.  Informing credit reporting agencies about the scam helps you add fraud alerts and take necessary steps to protect your credit.
  • Equifax (800) 525-6285 P.O. Box 740250 Atlanta, GA 30374
  • Experian (888) 397-3742 P.O. Box 1017 Allen, TX 75013
  • TransUnion (800) 680-7289 P.O. Box 6790 Fullerton, CA 92634

As you may know, our campus has raised our risk awareness score over the last five years. Through your continued diligence and ongoing education, we provide a safer environment today at Concordia.