The Phish Bowl at Northeastern
The Phish Bowl is a resource to help you identify phishing attempts that have been reported or caught. The emails listed below have been confirmed by the Office of Information Security as fraudulent. If you have received any of these messages or have a suspicious email that is not listed here, do not respond or click any links—Just delete them.
Not all phishing emails received by the university can be posted. Always use caution when using email and if you suspect a phishing attempt, report it.
To verify whether an email is phishing, forward the suspected message to phishcatcher@northeastern.edu to investigate.
Confirmed Phishing Emails
Reporting Scams and Identity Theft
Northeastern strives to take every precaution when it comes to preventing scams and fraudulent activity. With modern technology, there are more ways than ever that a potential scammer might try to trick you into providing sensitive information. FAQ: Reporting scams and identity theft provides frequently asked security resource questions.
Useful Resources
Even when the strongest email security protocols are in place, occasional phishing or unauthorized emails can sneak into email inboxes. There are several resources available to help you avoid becoming the next victim of a phishing attack:
- Learn how to detect and report email spoofing.
- If you receive an authentication request from Duo you didn’t initiate, review When not to approve a DUO 2FA authentication request for more information.
- Read How do I report phishing emails? to automatically flag emails and send notifications to both Northeastern IT Services and Microsoft for security analysis.
What to do if you think you’ve fallen for this or other scams?
If encountering suspicious emails related to university accounts or technology, promptly contact the Office of Information Security for immediate assistance. You can also report the incident to the FTC to aid in tracking scams. Remain vigilant against phishing, tech support, financial aid, job scams, and impersonation attempts. Taking swift action ensures a secure digital environment for the community.
Tips to Identify Phishing Scams
Know Your Sender
Do not open or click links in emails that arrive from an unknown sender. The sender’s ‘display name’ in the email should match the actual email address it has been sent from. When in doubt, always confirm with the sender through another communication method.
Know Your Content
Links and other content in the email should match the address of the company it claims to be from. Always hover your cursor over links to see where they will direct you, but be sure to not click on them. Only click if you are sure the link is safe.
Keep Your Info Private
Never provide your Northeastern credentials over email and be extremely suspicious of emails asking for personal information. Never provide personal information over email unless you are certain the sender and reasons are legitimate.
Know the Signs
Phishing attempts commonly use fake email addresses that appear real, such as “.northeasternHR@gmail.com.” Always inspect the sender’s email address. A common phishing tactic is to convey a sense of urgency or time sensitivity. Remember to take the time to review the signs and ensure the email is legitimate.