An email about part-time job opportunities.
Here’s an example: The contact info in the body of the email is the first thing that should catch your attention. Any time an external address is tied to a job offer or other enticement, users should confirm the validity of that account with Human Resources, ITS or the purported internal department that is listed. Do not use any of the information in the email itself — don’t call the numbers, reply to the email or follow any links. Instead, look up the appropriate departments using official MSU Denver resources, such as the official MSU Denver website or internal Office 365 address book
Also notice whether the message is coming from a legitimate MSU Denver email account — you can tell from the @msudenver.edu email domain. If the account of someone at MSU Denver is compromised as part of a phishing scam, that account may be used to send out a new wave of phishing messages, now with the added credibility of coming from a legitimate internal account. Remember, always verify the contents of a suspicious email before acting on it, no matter whom it appears to be coming from.
Fake document links
File-hosting services such as Google Docs and Docusign send automated notifications to recipients of a shared document. Scammers can use these systems to send malicious links under the guise of a shared document — or even just send a message formatted to look like such a notification. Here’s an example: