Home

Position Opening Phishing Response

Hi! Unfortunately, you provided your information in a phishing email exercise.

No worries! The phishing simulation was done as a learning exercise by ITS as announced in the Digest. Your credentials were not captured and results will remain anonymous.


Warning: Undefined variable $page_cta in /var/www/vhosts/dev.fastspot.com/httpdocs/clients/siena/templates/basic/content.php on line 10

Phish Alert

Here is a brief summary of the suspicious elements of this particular phishing email.

  • The sender’s email address is obviously not a Siena professor's legitimate email and the sender’s email address even misspelled Siena.
  • The professor named in the email is not an actual Siena professor. You should search the Siena website to see if the sender is a real person and if there is any doubt or suspicion about the message, reach out to the person through another channel (phone, face-to-face).
  • Siena departments know not to send this type of vague open solicitation and would use a much more formal process to solicit applicants.
  • The links in the email (if you hover over them) are suspicious and they definitely are not pointing to Google even though the page looks like a Google login.
  • Unsolicited job offer emails are a very common scam—you should always be wary when you receive any email like this. "If it sounds too good to be true, then it is probably too good to be true."
  • Always exercise caution when an email creates a sense of urgency. The email says there is an “urgent” need for employees and there are only 3 positions available which makes people feel they need to act quickly due to fear of missing out on an opportunity. Social engineering tactics exploit our basic human impulse to respond to urgent requests.
  • There is strange phrasing, missing punctuation, grammar issues, and formatting anomalies in this email. Grammar, spelling, missing or incorrect punctuation, and odd layouts are huge red flags that the email is coming from a malicious source.
  • You should always exercise caution when an email asks for personal information such as name, email, address. This is usually a sign of a phishing attack or scam.

 

The landing page you attempted to log into also had some obvious clues even though it looks like a real page (scammers can easily scrape real pages and create legitimate looking copies):

Google phishing scam landing page

 

A real phishing attack like this could put both you and Siena at risk. This exercise was done to show a plausible phishing message and to teach our community how to possibly site such scams and avoid sharing sensitive information with them.

If you ever have doubts about a link in an email or if the email appears to be suspicious at all, simply log into the site directly, reach out to the sender through a separate channel (such as a phone call or speak to them face-to-face) to ensure it is legitimate, or contact the ITS Help Desk.  Students should be especially wary of job offers where the job might seem too good to be true (work from home, high pay, easy workload) and especially if the job offer is unsolicited (you did not apply for the job being offered).  We have seen these scams go so far as to send the recipient a check. Once these checks are deposited they provide your account number to the scammer along with unexpected fees and withdrawals.

Use your best judgement when reviewing all email and phone calls and if you ever have a question on the legitimacy of an email you can always contact the ITS Help Desk.