This was a phishing simulation by the USNH Cybersecurity Operations Team.
Rather than stealing information like a cybercriminal would, we have re-directed you to the this page and assigned a short, one minute training video from Microsoft - "Phishing Six Clues That Should Raise Your Suspicions".
Don't worry, your credentials were not compromised during this simulation.
And It's Okay! Let's learn from this.
Phishing Message:
Subject: Win Your Chance for a Spring Break Getaway
Sender: Microsoft Rewards <Rewards@microsoft.rewards.edu>
Dear <first name>,
Are you ready for a break from the daily grind? Here's your chance to win an all-expenses-paid spring break getaway to a destination of your choice! Imagine yourself relaxing on a sunny beach, exploring vibrant cities, or enjoying thrilling adventures.
To enter the contest, simply click on the link below within the next 48 hours, then log in with your credentials to confirm your participation. Don't miss out on this incredible opportunity to recharge and have some fun!
Hurry, the contest ends soon! We look forward to seeing you on the winner's list.
Best of luck,
The USNH Microsoft Rewards Team
------------------------------------------------
Tips to Help Identify Phishing
The external tag: While USNH does apply a warning banner for messages from external senders, this is not consistent with that banner.
Sender From Name: rewards@microsoft.rewards.edu. - Phishing messages will often attempt to make the email address appear legitimate. This is especially true when reviewing messages on mobile devices. Always expand the sender from field to review the actual email address. Never assume the Display Name is the actual sender!
Sense of Urgency/Limited Time Offer: "Hurry! This offer is valid only for the first 100 participants. Don’t miss out on your chance to win!". Phishing messages will often attempt to instill a sense of urgency in an effort to convince recipients to quickly take an action; here Hurry is being emphasized. Additionally, the statement also indicates it's a limited offer, attempting to instill there is a chance the recipient could miss out if they do not act fast enough.
Signature - USNH Microsoft Rewards Team - Impersonating a group that does not exist at USNH.
Hover over link - The simple act of hovering over the link (without clicking) can reveal the true URL that may be hidden or obfuscated. Use this to your advantage to see the URL may be before ever clicking! If you ever receive a message you believe could be legitimate but are not certain (ie., from your bank) always defer to typing the known good url into your browser instead of clicking a link.
Did you know? - Even by simply clicking on a link in a phishing email you can unintentionally disclose information.
------------------------------------------------
If you ever have concerns that a message may be phishing, please do not hesitate to contact the following resources:
USNH Cybersecurity Operations - IT.Security@usnh.edu - USNH Cybersecurity
USNH Help Desk - (603) 862-2525 - USNH Help Desk
USNH Phishbowl News - Find information on how to report a message using the built-in report function in Outlook. In addition to reporting the message to the USNH Cybersecurity Team, this also helps train Microsoft to better detect phishing and helps protect the USNH community!
Phishing Awareness at USNH - Provides more information about phishing and why USNH is a target for phishing.
