Main content
How to avoid online scams — and how Emory can help
cybersecurity getty image

As more of our lives continue to move online, it can be easy to believe messages that ask for personal identification information or financial help for a friend are legitimate. But believing everything you read can make you a target for cybercriminals. Here’s what to be on the lookout for and how to stay safer against scams. 

What are online scams? 

From phishing to hacking to extortion, there are plenty of scams to keep track of. While phishing attempts generally aim to get readers to click a link and enter their login information (which is then stolen), online fraud and scams are typically after money. 

Most messages use a scare tactic of some sort, relying on the reader’s knee-jerk reaction to deal with the problem. For example, students might receive messages that their academic standing or immigration status is at risk unless they give high sums of money to the sender. Faculty and staff are frequently targeted with messages from someone posing as a supervisor or coworker asking for money or gift cards to cover a family or personal emergency. 

At Emory, people have lost anywhere from hundreds to thousands of dollars. And that money can be hard to recover — especially if it was sent in the form of gift cards.

Here are some important tips to remember from Emory Police and IT security experts.

How to spot a scam 

Cybercriminals have gotten more sophisticated over the years, which can make these attempts harder to spot. But most messages still offer clues that it’s spam if you know where to look. 

  1. Urgency: If you receive an email that prompts you to take immediate action, it could be fake. As Derek Spransy, associate director of enterprise information security at Emory, explains, “The sender is trying to instill some type of panic and make you believe that if you don’t take immediate action, there will be a consequence. They’re trying to short-circuit your instinct to question.” 
  2. Email links: Instead of clicking on a link, just hover your cursor over it to preview the landing page. Take a close look at the link. Is it sending you somewhere like emory.com instead of emory.edu? Now do the same thing with the “from” address. Use caution if it’s from an external source (any address that’s not from @emory.edu), a source that’s unrelated to the organization being impersonated or has a misspelling in it (like Microosoft instead of Microsoft). Emory’s email system automatically adds an [EXTERNAL] tag to the email subject on messages that are sent by someone outside of Emory.
  3. A reluctance to talk by phone: Scammers will often impersonate colleagues or classmates when making an urgent request and they’ll emphasize keeping the exchange over text or email instead of calling, claiming to be in a meeting or some other location where they can’t speak. 

If anything about a message feels off-kilter, take a minute to think it through. Instead of responding to the message, directly contact the person who is supposedly making the request, either over the phone or in person. 

Morieka Johnson, communications director for the Emory Police Department, shares that “people are busy and may sometimes mistakenly click links” when they receive these messages. In other words, people are responding to the message first and then questioning its legitimacy later. 

Johnson also reminds faculty, staff and students that Emory already has key identification infomration — the university doesn’t need to reach out for more details, and reputable employers won’t require you to send gift cards. 

The five most common scams

Spransy shares the most common types of scams targeting members of the Emory community. 

  1. Gift card scams: Frequently targeting employees, cybercriminals will impersonate team leaders and ask others in that department for a favor. Often, the first email asks for their best cell phone number before moving the conversations to text messages. Then, the criminal will ask the employee to purchase gift cards and send photos of the card numbers, all under the guise of reimbursement. More than a handful of staff and faculty across the Emory community have lost hundreds of dollars to this type of scam. 
  2. Impersonation of a government agency or law enforcement: These messages usually claim you’ve broken a law or owe a fine; they might also threaten immigration status. Then, the sender will ask for a large sum of money to solve the problem. If you become the target of this scam, just remember: a legitimate agency will not contact you by text, email or phone call, and you won’t be expected to pay. 
  3. Extortion scams: These scams are more threatening, typically claiming that harm will come to you or your loved ones if you don’t pay. The scammer might also threaten to expose compromising photos of you. If you receive a threatening email, report it to the Emory Police Department by emailing police@emory.edu or by calling 404-727-6111. The Emory Police Department works with all of Emory University, including Emory Healthcare, and can help anyone in the Emory community determine what the best next steps are. 
  4. Job scams: This tactic tends to target students and promises a job that is too good to be true. The positions usually include depositing money, making purchases or high compensation amounts — but the victims usually get involved in criminal or criminal-adjacent behavior such as money laundering. Be wary of any job offer that you receive out of the blue, especially if it doesn’t come from a trusted source such as EagleOps through the Emory Career Center, said Johnson. If it seems too good to be true, it probably is. 
  5. Tech support scams: You may receive an email from someone claiming to be with Microsoft, Apple or another tech company claiming something is wrong with your account (such as a virus). If this happens, remember that tech companies don’t proactively reach out to you — you have to contact them if something is wrong. 

Before responding to an email or acting on a request, Spransy recommends asking yourself, “Does the request make sense in context? For example, does it make sense that a police agency would tell me I can pay my way out of an arrest warrant?” If the answer is no, you can generally ignore that message. 

What to do if you experience a phishing attempt

When in doubt about the validity of a message, report it by forwarding the email as an attachment to abuse@emory.edu. If you’re ever unsure about a message, reach out to your IT service desk. For Emory University, that’s 404-727-7777 and for Emory Healthcare, that’s 404-778-4357. If you believe your password has been compromised, change it immediately at MyPassword. 

If you believe you’ve been a victim or attempted target of phishing, contact the Emory Police Department by email (police@emory.edu) or by calling 404-727-6111. That number is the same for both Emory University and Emory Healthcare. Emory police are available to support you 24/7. 

Campus Life is also available to support students’ well-being. TimelyCare offers confidential 24/7 virtual care, including access to mental health professionals through TalkNow; Counseling and Psychological Services (CAPS) provides confidential counseling, stress management classes and more; The Office of Respect provides support and advocacy for survivors of sexual and relationship violence and stalking; and Student Case Management and Intervention Services (SCMIS) provides support for basic needs, follow-up care and other resources. 

International Student and Scholar Services is also available to support students who have questions or concerns about phishing attempts. Call 404-727-3300 or email isss@emory.edu. 

Outside of the university, you can report the attack to the FTC at reportfraud.ftc.gov or the Internet Crime Complaint Center (IC3) at complaint.ic3.gov.


Recent News