University Affairs

Don't Take the Bait: How to Spot Phishing Scams

Students using laptops in a classroom.

Full Size

Phishing is one of the most common and evolving forms of cybercrime. Scammers target people not just through emails but also through phone calls, text messages and social media.

It can be easy to fall for phishing schemes hook, line and sinker. With some education and precaution, however, Aggies can more confidently identify, report and delete suspicious messages when they appear.

What Is Phishing?

Phishing is a tactic used by cybercriminals to trick individuals into revealing sensitive information such as usernames, passwords, bank account numbers and Social Security numbers. These messages are often disguised as legitimate communications from trusted sources like university offices, supervisors or colleagues.

The term “phishing” comes from the idea of luring someone with bait. In this case, the “bait” is an urgent message, fake link or enticing attachment, with the goal of “hooking” someone into responding.

Common Red Flags

Watch for these signs that an email, text or call may be a phishing attempt:

  • Suspicious sender: The email address is unfamiliar or doesn’t end in @usu.edu. The sender may impersonate someone you know.
  • Generic or odd language: Greetings are vague, subject lines don’t match the message, or the text has repeated grammar and formatting errors.
  • Urgent or threatening tone: The message demands immediate action, such as verifying your account or providing financial details.
  • Unexpected attachments or links: Files you weren’t expecting or hyperlinks that don’t match the text when hovered over.

Phishing Tactics Seen at USU

USU’s Information Technology department has identified several common scams targeting the Aggie community:

  • Fake job offers: Promises of easy money for minimal work, often requesting personal or banking details.
  • Estate sales: Scammers advertising high-value items at steep discounts, often linked to fake inheritances or relocations.
  • Impersonation scams: Fraudsters posing as university leadership or faculty.
  • Urgent account issues: Messages threatening to deactivate accounts unless you click a link.
  • Malicious attachments: Documents or PDFs containing malware disguised as legitimate files.
  • File share notices: Messages that mimic Box or Outlook notifications but include malicious links inside the document.

Protect Yourself

You can avoid becoming a phishing victim by following these steps:

  • Never share passwords or Microsoft Authenticator codes. USU will never ask for them.
  • Examine email addresses carefully—look for misspellings or external domains.
  • Hover before you click—make sure a link matches the site it claims to be.
  • Stay cautious with unexpected messages, even from familiar names.
  • Trust your instincts—if something feels off, it probably is.

Report a Phishing Attempt

If you receive a suspicious email, use the Phish Alert Button in your email client to report it. If you accidentally click a link or enter your credentials, contact the USU IT Service Desk immediately to reset your password.

For more examples and tips, check out the USU Phish Bowl.

Upcoming Event

Students, faculty and staff are invited to take part in a campuswide scavenger hunt during Cybersecurity Awareness Month. From noon to 3 p.m. Oct. 29, participants can visit booths across the Logan campus to learn strategies for protecting their devices and personal information. Those who complete the scavenger hunt will be entered into a prize drawing.

CONTACT

Breyden Summers
Security Engineer
Information Technology
breyden.summers@usu.edu

SHARE

Comments and questions regarding this article may be directed to the contact person listed on this page.

Next Story in University Affairs

See Also

Trending on Utah State Today