Phishing and Scams

There are a couple ways you can take part in protecting your credentials, account, and devices.

You’re part of multifactor authentication.

We recommend using the Microsoft Authenticator app on your smartphone to facilitate the multifactor authentication step that’s required for signing into Microsoft 365 resources.  It’s more reliable and easier than entering a six-digit code sent via text message.

Be sure to only approve requests that are part of a login initiated by you.

A few tips to protect your account:

Ask yourself a few questions if you receive a message asking you to take immediate action, click a link, or enter your password...

Who sent the message?  Who's the message addressed to?

Consider whether you know the person who sent the message, and whether that person would be sharing a document with you or asking you to take action – even if the sender has an @northwestu.edu address.  Official requests won’t come from an external address.  Also look at who the message is addressed to – be suspicious if you're not a direct recipient or if the other recipients don't seem to be related.

What's the message context?

An unexpected or unsolicited message with an opportunity or shared document (link or file attachment) is often an indicator that it's spam or a phishing attempt.  Requests to purchase gift cards for a supervisor or to transfer money are a common scam.  Offers that seem too good to be true often are scams, as well.

How is the message's formatting and grammar?

Scam, spam, and phishing emails will often use wording and formatting that are unprofessional.  Official message templates are reviewed by teams of people to ensure both proper grammar and consistent formatting/branding.  If the message you receive doesn't quite look right or uses awkward phrasing, it should likely be deleted.

Where will the link take you?

If the message seems to pass the previous checks, the last thing to check is where a link is taking you.  Hover your mouse over (or tap-and-hold) the link to see the link's address.  If the link doesn't match the sender, or goes to an unfamiliar web address, don't open the link.

If it's clearly a scam, please simply delete the message.  If you're not sure whether an email is valid, feel free to forward it to the IT Help Desk (help@northwestu.edu).  Also let us know if you believe that someone's (or your) NU account has been compromised so we can take immediate action.