Email phishing awareness

Update | Friday, October 17, 2025

Across the education sector, phishing scams are a leading cause of incidents and breaches. Motivated by financial gains, cybercriminals primarily target personal information and account credentials. Read this Microsoft article about a scam targeting colleges and universities. 

Common indicators of phishing: 

1.     Deceptive or unknown sender “from” or “reply to” email address. 
(review the sender address; example: CSCC Human Resources <o_badactor@hradmin25.com> 

2.     Email subject marked EXTERNAL 

3.     The email creates a sense of urgency, requiring immediate action 

4.     Unsolicited billings or invoices 

5.     Unsolicited multi-factor authentication (MFA) requests 

6.     Starts by asking, “I’m in a meeting, are you available for a quick task?” 

7.     Requests for gift cards 

8.     Request to “update your information” 

Additionally, review any website along with the URL before entering your credentials or personally identifiable information. A common tactic is to mimic real websites to trick users into believing it is the real site. See the example below. A bad actor can mimic Columbus State's login page to trick you into entering your credentials. 

 

Go to 2025 Update Archive Go to Employee Update