This was a phishing simulation by the USNH Cybersecurity Operations Team.
Rather than stealing information like a cybercriminal would, we have re-directed you to the this page. Below is the message and some tips on how to help identify phishing.
Don't worry, your credentials were not compromised during this simulation.
And It's Okay! Let's learn from this.
Phishing Message:
Subject: Celebrate the Holidays – Win a $100 Gift Card!
Sender: USNH Rewards Group <rewards@unsh.edu.com>
As part of our holiday appreciation, were offering employees a chance to win a $100 gift card. Simply log in to our Holiday Rewards Portal within the next 48 hours and confirm your details to enter the draw.
Don’t miss out – entries close soon!
Click Here to enter
Happy Holidays from all of us!
USNH Rewards Team
------------------------------------------------
Tips to Help Identify Phishing
The external tag: While USNH does apply a warning banner for messages from external senders, this is not consistent with that banner.
Sender From Name: rewards@unsh.edu.com. - Phishing messages will often attempt to make the email address appear legitimate. This is especially true when reviewing messages on mobile devices. Always expand the sender from field to review the actual email address. Never assume the Display Name is the actual sender!
Sense of Urgency/Limited Time Offer: "Simply log in to our Holiday Rewards Portal within the next 48 hours" and "Don’t miss out – entries close soon!". Phishing messages will often attempt to instill a sense of urgency in an effort to convince recipients to quickly take an action. Additionally, the statement also indicates it's open for a limited time, attempting to instill there is a chance the recipient could miss out if they do not act fast enough.
Signature - USNH Rewards Group - Impersonating a group that does not exist at USNH.
Hover over link - The simple act of hovering over the link (without clicking) can reveal the true URL that may be hidden or obfuscated. Use this to your advantage to see the URL may be before ever clicking! If you ever receive a message you believe could be legitimate but are not certain (ie., from your bank) always defer to typing the known good url into your browser instead of clicking a link.
Did you know? - Even by simply clicking on a link in a phishing email you can unintentionally disclose information.
------------------------------------------------
If you ever have concerns that a message may be phishing, please do not hesitate to contact the following resources:
USNH Cybersecurity Operations - IT.Security@usnh.edu - USNH Cybersecurity
USNH Technology Help Desk/Help Central -
- KSC: 603-358-2525
- PSU: 603-535-2525
- UNH / USNH: 603-862-2525
- https://www.usnh.edu/it/need-it-help
- https://usnh.edu/helpcentral
- USNH Help Desk
USNH Phishbowl News - Find information on how to report a message using the built-in report function in Outlook. In addition to reporting the message to the USNH Cybersecurity Team, this also helps train Microsoft to better detect phishing and helps protect the USNH community!
Phishing Awareness at USNH - Provides more information about phishing and why USNH is a target for phishing.
