Cybercriminals are constantly refining their tactics, and phishing remains the most prevalent and dangerous form of social engineering. With the rise of AI, these attacks are becoming more convincing, harder to detect, and increasingly personalized. We would like to share some tips on how to detect and report the most prevalent phishing emails and scams.

Phishing

Phishing emails are still the top social-engineering tactic. Emails that manipulate emotions like urgency, fear, and trust trick victims into revealing sensitive information. These scams often appear legitimate, making it easy to fall for them if you’re not paying close attention.

Common Techniques:  

  • Fake emails pretending to be from banks/other trusted brands 
  • Spoofed login pages (copied from the original – check website name)  
  • Smishing (texts pretending to be from legitimate organizations)  

AI now amplifies these attacks.

Deepfakes

AI-generated audio/video can convincingly mimic executives, family, or public figures, helping attackers bypass simple verification.

Job & Check-Deposit Scams

Remote-work lures offer “equipment” or “onboarding” checks; victims are told to buy items or wire back funds before the check bounces. These often appear on legitimate job sites.

Red Flags 

  • Odd/similar-looking sender addresses 
  • Urgent or threatening language 
  • Unexpected links/attachments 
  • Requests for passwords, SSNs, or financial data 
  • Generic greetings (“Dear Customer”) 

If You Suspect a Scam

  • Verify via a trusted channel 
  • Change passwords; enable MFA 
  • Do not click, download, or reply 

Reporting phishing emails in Microsoft Outlook (Windows): 

  1. Select the suspicious email in your inbox. 
  2. In the top toolbar, click the “Report Message” button.
  3. A dialog box will appear asking you to confirm that you want to report the email as phishing. Click “Report” to send the email to Microsoft for analysis and improve spam/phishing filters. 

Reporting phishing emails in Outlook App (Mobile): 

  1. Tap on the suspicious email in your inbox. 
  2. Tap the three dots in the top right corner of the email. Select “Report Message” from the menu.
  3. A confirmation dialog will appear. Tap “Report” to send the email to Microsoft for analysis

Reporting phishing emails in Outlook App (Mac): 

  1. Hold the control key on your keyboard and click on the email. 
  2. Select Report > Report Phishing.

Unsure about an email? Forward the email to abuse@chapman.edu. If you would like to be enrolled in the free, self-paced Online Training and Awareness program, please send an email with the subject “Enroll me in the training and Awareness Program” to infosec@chapman.edu.  

Staying informed and vigilant is your best defense.