Office of Technology Services

Email Resources

The Immaculata IT team is seeing an uptick in malicious emails designed to steal passwords, deliver malware, or trick you into sending money or sensitive data.

Important Items to Remember

• Do not click any links or open attachments in a message you weren’t expecting.
• Do not reply or call phone numbers listed in a suspicious email.
• Forward any malicious or questionable emails to abuse@immaculata.edu immediately.
• If you already clicked or entered information, contact the Help Desk immediately at 484-323-3282.

Background Information

What are “malicious emails” trying to do?

• Credential phishing: Steal your IU username, password, and MFA codes (e.g., “Your mailbox is full — sign in now”).
• Malware delivery: Infect your device via attachments/links (ransomware, spyware, keyloggers, etc.).
• Business Email Compromise (BEC): Impersonate leaders or vendors to request wire transfers, gift cards, or W-2/payroll changes.
• Data theft & scams: Trick you into sharing personal info, tax data, research, grades, or payment details.

Common scams hitting campuses

• “Office 365/Google account expiration” or “storage full” notices.
• DocuSign/Adobe Sign/SharePoint/Drive “review the document” lures.
• Payroll & direct-deposit change or W-2/1098-T request.
• Financial-aid, scholarship, tuition refund or FAFSA phishing.
• Package delivery problems (UPS/USPS/FedEx).
• “Urgent request from your dean/coach/chair” asking for gift cards.
• Student job/internship offers paying unusually high weekly amounts for minimal work.
• Bookstore/parking/wifi “account issue” notices you didn’t initiate.

Various real-world examples of these emails are presented below.

How to spot a malicious or questionable email

• Unexpected or urgent tone: “Act now,” “within 15 minutes,” “keep this confidential.”
• Sender address doesn’t match the brand or person (look closely for lookalike domains and misspellings).
• Mismatched links: Text says one site, but the actual URL (hover to preview on desktop) is different or shortened.
• Attachments you didn’t request (.html, .htm, .iso, .img, .zip, .one, or “protected” PDFs).
• Generic or odd greetings, or language that’s a little “off.”
• Reply-To is different from the From address, or unexpected BCCs.
• Requests for passwords, MFA codes, SSNs, bank info, gift cards, or to install software.

Newer attacker tricks that make emails harder to notice

• Generative-AI written messages with perfect grammar and personalized details scraped from the web.
• Look-alike domains (including internationalized characters) and display-name spoofing that show a familiar name but a wrong address.
• Thread hijacking: Messages that appear in an existing email thread from a compromised colleague’s account.
• QR-code phishing (“quishing”) in images or PDFs that send you to fake login pages on your phone.
• HTML-smuggled attachments or OneNote/ISO/IMG files designed to evade basic scanners.
• OAuth consent phishing: Prompts to “grant access” to a malicious app instead of asking for your password.

What to do if you receive a suspicious email

Do:

• Forward it to abuse@immaculata.edu immediately
• Delete it from your inbox and trash after reporting.
• If you’re genuinely unsure about a request that appears to be from someone you know, contact them using a number or address you already trust (not by replying to the message).

Don’t:

• Don’t click links, scan QR codes, open attachments, or download files.
• Don’t reply or call phone numbers listed in the suspicious email.
• Don’t enter your password or MFA codes anywhere the message directs you.
• Don’t forward it to others (except to abuse@immaculata.edu).

If you already clicked or entered information

1. Disconnect from Wi-Fi (or wired internet/network connection) if you opened a file that seems malicious.
2. Notify the Help Desk immediately at 484-323-3282 and forward the original email to abuse@immaculata.edu.

Thank you for helping keep Immaculata University secure. Again, when in doubt, forward to abuse@immaculata.edu, and do not click any links or share any information.

Real Examples for Malicious Emails