Guru's Verification engine ensures consistency, confidence, and trust in the knowledge your organization shares. Learn more.

06/26/25 - CyberSafe Monthly - Community Alert: Two New Phishing Tactics

SUBJECT: CyberSafe Monthly - Community Alert: Two New Phishing Tactics
DATE: June 26, 2025
SENDER: Information Security & Privacy Office

CyberSafe Monthly header with Gnarls wearing a cybersecurity tshirt

As cybercriminals find new and more sophisticated ways to target both individuals and communities, it’s important to be aware of each new tactic and stay vigilant both on campus and at home. This month, we’re highlighting two emerging phishing tactics that you should be aware of: ClickFix and Typosquatting.

ClickFix: A New Twist on Phishing

ClickFix is a deceptive tactic where scammers create fake links or commands, pretending there’s an issue with your device or account that needs fixing. They often disguise these tricks to look like real security checks, like CAPTCHAs or browser updates. If you end up clicking on one of those links or entering the commands they provide, you could be giving scammers a free pass to your system. This could result in login and password theft, installation of ransomware, or a compromise of your sensitive personal data.

Illustration of malware icons on a laptop with a hand holding a magnifying glass to show a vrus.

Take Action: Never paste commands from emails or pop-ups and always hover over links before clicking to ensure they lead to a legitimate or official page.

Typosquatting: A Common Trap

Typosquatting involves creating websites or URLs that closely resemble legitimate ones, but with slight misspellings or letters omitted. For example, instead of “Netflix.com/Activate,” a phishing site might be “Netflix.co/Activate.”

Typosquatting 2.jpg

Take Action: Always double-check the sender’s email address and legitimacy of links, making sure there are no typos or suspicious spellings. You can also search for the official page and carry out your desired action from links on the official page.

Don't Take the Bait! Report Phishing Scams to IT Central

Our Phish Bowl collects recent scam messages sent to members of the community and notes all red flags within each message so you can learn to spot the signs of common phishing scams. Be sure to report any suspicious emails to IT Central and we’ll make sure they’re added to our collection.

REPORT A PHISH

For additional information, visit our Data Privacy page or email the Information Security & Privacy Office at ispo@newschool.edu.

Rate This Newsletter‌

‌On a scale of 1 to 5, with 1 being 'Not at all helpful' and 5 being 'Extremely helpful', how helpful was this newsletter? Submit your rating below!

[Survey was conducted via email only. Please refer to the original email to submit a rating.]

You must have Author or Collection Owner permission to create Guru Cards. Contact your team's Guru admins to use this template.