Phishing


Phishing is a type of cyber attack in which attackers impersonate trusted entities to trick individuals into revealing sensitive information, such as passwords, credit card numbers, or login credentials, or to entice them to click malicious links or open malicious attachments. Phishing attacks come via email, but variations also arrive through other communication modes, such as text messages and fake ads.

Knowledge Base Articles about Phishing

  1. How to identify a Phishing email
  2. See examples of common Phishing emails sent to Hancock College users
  3. How to report a Phishing email
  4. How to manage Email Quarantine
  5. Hancock College's Phishing simulation policy

 

 

How to identify a Phishing email

  • Check the sender’s email address
    Nearly all phishing emails come from untrusted email addresses, often at free email providers like gmail.com or outlook.com. Sometimes emails are sent from other compromised accounts that have no relation to Hancock College. Also look for subtle misspellings or suspicious domains (e.g., support@hanc0ckcollege.life instead of support@hancockcollege.edu).

  • Watch for urgent or threatening language
    Attackers use phrases like “Your account will be suspended!” or “Act now!” to get you to react quickly without pausing to think.

  • Be skeptical of unexpected attachments or requests
    If you weren’t expecting a file or someone asks for sensitive info, verify through another channel like a phone call through a campus extension.

  • Generic greetings
    Messages that start with “Dear Customer” or “Dear User” instead of your name can be a red flag.

  • Unexpected requests for personal info
    Hancock College ITS and HR will never ask for sensitive information (like passwords or SSNs) via email or text.

  • Too-good-to-be-true offers
    Promises of prizes, refunds, or free gift cards are often bait to lure you into clicking. Hancock College has seen many offers for free pianos, welding equipment and a travel trailer.

  • Unusual timing
    Emails sent at odd hours or on weekends from business contacts may be suspicious.

  • Requests to bypass normal procedures
    Messages urging you to ignore standard processes or “just do this quickly” should raise alarms.

  • Unfamiliar signature format
    Hancock College's Department of Public Affairs has a suggested format for email signatures which many Hancock College employees use. Be wary of emails purporting to be from Hancock College employees that do not follow this format.  

  • Links to free forms sites
    Form services like Microsoft Forms or Google Forms are an easy way for attackers to attempt to collect information from users. Hancock College does use Microsoft Forms and Dynamic Forms for gathering user information. However, Hancock College never requests sensitive information like username, password, SSN and payment information through these services. If in doubt, contact the department asking for information.

  • Malicious links sent through 3rd Party services
    Be aware of malicious links sent through 3rd party services like SharePoint, Google Docs or Dropbox. These messages are likely sent from compromised accounts. Again, if a message is unexpected, do not click on links or download attachments.
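
Several of the checks above can be automated for mail triage. The following is an added example, not Hancock College code: it flags the lookalike sender domain, free email providers, urgent phrases and generic greetings quoted in the list. The function names, the digit-swap table, the 0.85 similarity threshold and the sample message are assumptions made for illustration.

```python
import difflib
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAIN = "hancockcollege.edu"           # legitimate domain in the page's example
FREE_PROVIDERS = {"gmail.com", "outlook.com"}   # providers the page names
URGENT_PHRASES = ("your account will be suspended", "act now")
GENERIC_GREETINGS = ("dear customer", "dear user")
DIGIT_SWAPS = str.maketrans("0135", "oles")     # assumed digit-for-letter swaps

def is_lookalike(domain):
    """True when an untrusted domain's main label nearly matches the trusted one."""
    if domain == TRUSTED_DOMAIN or domain.endswith("." + TRUSTED_DOMAIN):
        return False
    labels = domain.split(".")
    # Naive assumption: the label before the TLD is the registrable name.
    label = labels[-2] if len(labels) >= 2 else domain
    trusted_label = TRUSTED_DOMAIN.split(".")[0]
    matcher = difflib.SequenceMatcher(None, label.translate(DIGIT_SWAPS), trusted_label)
    return matcher.ratio() >= 0.85              # assumed threshold

def indicators(raw_message):
    """Return the red flags found in a single-part plain-text message."""
    msg = message_from_string(raw_message)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    body = msg.get_payload()
    text = (msg.get("Subject", "") + "\n" + body).lower()
    found = []
    if is_lookalike(domain):
        found.append("lookalike-domain")
    elif domain in FREE_PROVIDERS:
        found.append("free-provider")
    if any(phrase in text for phrase in URGENT_PHRASES):
        found.append("urgent-language")
    if body.lstrip().lower().startswith(GENERIC_GREETINGS):
        found.append("generic-greeting")
    return found

# Constructed sample message (not a real email).
SAMPLE = """\
From: IT Support <support@hanc0ckcollege.life>
Subject: Action required

Dear User,
Your account will be suspended! Confirm your password today.
"""

if __name__ == "__main__":
    print(indicators(SAMPLE))
```

A match is only a prompt to verify through another channel; a message from a compromised legitimate account can pass every one of these checks.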

 

 

Hancock College's Phishing Simulation Policy

A phishing simulation is a controlled exercise where an organization sends fake phishing emails to its users to test their ability to recognize and report suspicious messages. While these simulations can raise awareness, some research suggests they may be counterproductive, causing stress, eroding trust, or leading to user fatigue.

At Allan Hancock College, the ITS department does not conduct traditional phishing simulations. Instead, beginning in Fall Term 2025, ITS will send clearly labeled training emails designed to help users practice reporting phishing. These messages will not be disguised or deceptive. Users are simply encouraged to click “Report as phishing”.  ITS does not track individual compliance, and there are no repercussions for not reporting. This training will be repeated semi-annually to remind employees of the reporting procedure.