Phishing Alert: Essential Announcement from President Jay Gogue

A new phishing message was sent today, December 14, 2016, to the Auburn University community. To learn about phishing, visit

Email Message

Here's a screen shot of the latest email. Can you spot the signs of a phishing attempt?

Today's Phishing Email

  1. Generic Greeting: Actually no greeting this time
  2. Bad Return Address: While you can't always trust what the return address says, in this case it has an email account that is not from Don Large.
  3. Urgent/Threatening Language: who's going to name a document "Important Doc"?
  4. Unsolicited Attachment: If you didn't request this attachment, watch out! If this was so important it should have been included in the body of the message and not require an attachment.

Landing Page

You shouldn't have clicked the link, but if you had it would have taken you to a page this page. Notice the phishing signs?

Today's Phishing Landing Page

  1. Page is Not Secure: Look out! Never log into a website that does not have a proper security certificate. Look for the Lock icon in the address bar (usually should be green).
  2. Bad URL: That is not an Auburn University URL! Don't give your email account credentials on a site that isn't an Auburn website.
  3. Bad Return Reference: did not send you to the "login page"

Did You Fall for It?

  1. Immediately change your university password and any other accounts that use the same login information.
  2. Contact the OIT HelpDesk and let them know.
  3. Run a virus scan of your system using your anti-virus software.
  4. If you believe you may be the victim of identity theft, visit: Federal Commission for Identity Theft
  5. Forward the phishing email "as an attachment" to and then DELETE the message from your Inbox.
  6. Regularly check your banking and credit card accounts for any unauthorized transactions that may have been initiated by the phishers.


  • DO NOT reply to email with any personal information or passwords. If you have reason to believe that the request is real, call the institution or company directly.
  • DO NOT click a link in an unsolicited email message. If you have reason to believe the request is real, type the web address for the company or institution directly into your web browser.
  • DO NOT use the same password for your University account, bank, Facebook, etc. In the event you do fall victim to a phishing attempt the thieves will try the compromised password in as many places as they can.
  • DO change ALL of your passwords if you suspect any account you have access to may be compromised.
  • DO be equally cautious when reading email on your phone. It may be easier to miss telltale signs of phishing attempts when reading the email on a smaller screen.
Last Updated: August 23, 2016