Phishing & Scams: A Guide to Spot, Avoid, and Report

Overview

Phishing scams are on the rise, making it crucial for students, staff, and faculty to stay aware of potential threats, know how to respond if targeted, and report incidents properly. This is a reminder to remain vigilant against the ongoing phishing attempts targeting our NMSU email accounts.

Procedure

What is Phishing?

Phishing is a cyber attack technique used to acquire sensitive data, such as bank account numbers, through fraudulent emails or websites. The attacker impersonates a legitimate business or reputable person. According to the National Institute of Standards and Technology (NIST), phishing is defined as:

"A technique for attempting to acquire sensitive data, such as bank account numbers, through a fraudulent solicitation in email or on a website, in which the perpetrator masquerades as a legitimate business or reputable person."

 

Common Signs of Phishing Attempts

  • Is the email from an external source outside of NMSU?
    You can identify this by the warning displayed at the top of the email.

  • Is the email sent from a suspicious email address?
    Common phishing emails often come from @gmail or @yahoo accounts that imitate NMSU personnel.

  • Does the email create a sense of urgency or include threats?
    If so, do not click on any links or attachments and report the issue.

  • Are there any suspicious attachments?
    If so, avoid clicking on them and report the email.

  • Is there a request for sensitive information?
    This could include login credentials or personal details.

  • Are there any unusual requests?
    This could be a request that’s out of the ordinary for your position or role.

  • Is there bad grammar or spelling?
    The mistakes may be subtle but are often a red flag.

  • Do the links lead to strange addresses?
    Hover over the links to see where they actually lead.

 

Additional Red Flags:

  • A sense of urgency, danger, or emotional manipulation (e.g., "Your account is suspended," "Quota reached," "Need help!")

  • The sender’s email does not match the name (e.g., "John Smith: executivedirector@gmail.com")

  • Unknown or suspicious links, URLs, or attachments

 

What to Do if You Click on a Suspicious Link

  1. Change Your Password Immediately
    If you entered your passphrase on the suspicious site, change it immediately.
    Follow these steps to reset your password
    Need help? Submit a support ticket here 
  2. Enable Two-Factor Authentication (2FA)
    2FA adds an extra layer of protection to your NMSU account and helps prevent unauthorized users.
    Set up 2FA by following these instructions
  3. Be Cautious With 2FA Requests
    If you already have use 2FA, stay alert.
    Never approve a login request unless you are actively signing in. 

 

Reactivating Your Account 

If you are unable to log into your account due to it being disabled:

  • E-mail Information Security: help@nmsu.edu
  • Call (575)-646-1796

 

Network or System Problems 

If you experience a software or computer issue, including network connection problems, Canvas and myNMSU problems:

  • E-mail the NMSU IT Help Desk: help@nmsu.edu
  • Call (575) 646-HELP (4357)

 

Report a Security Incident 

If you encounter a security event originating from an NMSU network or website, possible copyright infringement, or a network intrusion:

 

Contact Information:

IT Help Desk Contact & Zoom Desk
In Person: Hardman & Jacobs Undergraduate Learning Center - Room 105
Phone: (575) 646-HELP (4357)
Email: help@nmsu.edu



Zoom Link: https://nmsu.zoom.us/my/nmsuithelpdesk
Or meeting ID: nmsuithelpdesk
Zoom with us M-F 8am-5pm

Print Article

Related Services / Offerings (1)

Password Reset
Assists users with myNMSU username recovery and E-Print system password resets.