Phishing

The Phish Bowl at Northeastern

The Phish Bowl is a resource to help you identify phishing attempts that have been reported or caught. The emails listed below have been confirmed by the Office of Information Security as fraudulent. If you have received any of these messages or have a suspicious email that is not listed here, do not respond or click any links—Just delete them.

Not all phishing emails received by the university can be posted. Always use caution when using email and if you suspect a phishing attempt, report it.

To verify whether an email is phishing, forward the suspected message to phishcatcher@northeastern.edu to investigate.

Confirmed Phishing Emails

Reporting Scams and Identity Theft
Northeastern strives to take every precaution when it comes to preventing scams and fraudulent activity. With modern technology, there are more ways than ever that a potential scammer might try to trick you into providing sensitive information. FAQ: Reporting scams and identity theft provides frequently asked security resource questions.

Reporting Phishing Emails
Even when the strongest email security protocols are in place, occasional phishing or unauthorized emails can sneak into email inboxes. Read How do I report phishing emails? to automatically flag emails and send notifications to both Northeastern IT Services and Microsoft for security analysis.

What to do if you think you’ve fallen for this or other scams?
Safeguarding against scams is a top priority. If encountering suspicious emails related to university accounts or technology, promptly contact the Office of Information Security for immediate assistance. You can also report the incident to the FTC to aid in tracking scams. Remain vigilant against phishing, tech support, financial aid, job scams, and impersonation attempts. By taking swift action, this ensures a secure digital environment for the community.

Tips to Identify Phishing Scams

Know Your Sender

Do not open or click links in emails that arrive from an unknown sender. The sender’s ‘display name’ in the email should match the actual email address it has been sent from. When in doubt, always confirm with the sender through another communication method.

Know Your Content

Links and other content in the email should match the address of the company it claims to be from. Always hover your cursor over links to see where they will direct you, but be sure to not click on them. Only click if you are sure the link is safe.

Keep Your Info Private

Never provide your Northeastern credentials over email and be extremely suspicious of emails asking for personal information. Never provide personal information over email unless you are certain the sender and reasons are legitimate.

Know the Signs

Phishing attempts commonly use fake email addresses that appear real, such as “.northeasternHR@gmail.com.” Always inspect the sender’s email address. A common phishing tactic is to convey a sense of urgency or time sensitivity. Remember to take the time to review the signs and ensure the email is legitimate.