Now Viewing Information for: Students
Show me information for Employees

In this section:


What is phishing?

Phishing scams are attempts to trick you into releasing your email, bank, credit card, or other private information to an unidentified individual. They are usually carried out via email, but can also occur via phone calls where a scammer claims to be a representative of your school, bank, or some other organization.


How do I recognize phishing attempts?

  The primary hallmarks of a phishing email are:

  • Impersonation: These emails may appear as they are from a reputable source such as Mercer, or your bank.
  • Web links: The linked sites typically ask you to enter personal information, usernames, and passwords.
  • Threats: Phishing often involves threats to disable your account if you don't provide the requested information.
  • Poor spelling and grammar: This helps the emails evade junk mail filters.
  • Malicious QR Codes: Think Before You Scan! As cybercriminals evolve they try to find other ways to trick you in to sharing your personal information by using QR codes. Follow the tips in this document to keep your data safe.

Here is an example of what a typical phishing email looks like. Take this Phishing IQ Test to see how well you can spot a phishing email.phishing example

Here is an example of a typical QR code phishing email. Review this document for more information on spotting a suspicious QR code.

If we receive reports of a malicious email, we post it on our Security Alerts page. If you see an email listed there, you can delete and disregard the message.


If you're unsure about something - ask!

The IT Help Desk is always willing to review any email, website, program, etc. to help determine if there is a security risk.


How do I report a phishing email?

The best way to report phishing email is to forward the message as an attachment to the IT Help Desk. Forwarding as an attachment preserves helpful diagnostic information, which is lost when simply forwarding an email. Follow the instructions outlined below.

  1. Select or Open the message you would like to forward.

  2. Select the dropdown arrow next to the Forward button and choose Forward as attachment.

  3. A new message will be generated, add in the the To... field and press Send.


Is it ok to move email from my junk folder back in to my inbox?

 It is best to leave email found in your junk or spam folders unless you are 100% certain of the sender.


What is voice phishing (vishing or spoofing)?

Vishing (or spoofing) is a form of phishing in which scammers use text or phone calls, that appears to be from a trusted source, but isn’t. The goal is to steal someone's identity or money. A scammer uses social engineering to get you to share personal information and financial details, such as account numbers and passwords. The scammer might say your account has been compromised, claim to represent your bank or law enforcement, or offer to help you install software.

It is best to be extremely careful about responding to any requests for personal identifying information. Click here to download a tip card.


What should I do if I am the victim of a phishing attempt?

Please note that Mercer’s IT department will not request any sensitive information via e-mail from you. We continue to work toward preventing phishing, virus, and spam messages from reaching your inbox.

If you do respond to a phishing email and provide any information, follow these steps:

Change your password and password security questions.

  • If you provided your password for any Mercer systems, change your password as soon as possible.
  • If your password is used on more than one website, change it everywhere you use it.
  • Most sites have security questions which allow you to reset your password. The scammer may have seen your current answers, so it's a good idea to change them as well.

Contact your bank, credit card company, etc...

  • If you have given the scammer any financial information, contact your, bank or credit card company and report it. Your credit card company can place a fraud alert on your account.
  • Contact the 3 main credit bureaus and have them put a fraud alert on your credit file.
  • If you have provided your driver's license information, contact your DMV.
  • If you provided your Social Security number, visit, or call the Federal Trade Commission at 1-877-IDTHEFT (1-877-438-4338).

Review your account activity.

For the next few weeks, carefully review any accounts that could have been accessed using the information provided to the scammer. The scammer may not use the information provided right away, so it's important to keep an eye on your accounts for any suspicious activity for some time after the phishing took place.

Reduce your future risk.

Using a different password for every website you use is one way to reduce your security risk. Information regarding other ways to protect yourself can be found on our Security Best Practices website.
(478) 301-7000