Phishing is a form of social engineering. Phishing messages appear to originate from a trusted source and try to trick you into entering valid credentials, revealing your username, password, and other personally identifiable information (PII), or clicking on a malicious attachment.
Attackers can use this information to:
- Steal money from victims (modify direct deposit information, drain bank accounts)
- Perform identity theft (run up charges on credit cards, open new accounts)
- Send spam from compromised email accounts
- Use your credentials to access other campus systems, attack other systems, steal University data, and jeopardize the mission of the campus
Reporting and dealing with Phishing
- If you receive a phishing email:
  - Please forward the message to [email protected]
  - After reporting to [email protected], if you are using the Gmail interface, you can report phishing directly to Google:
    - Sign in to Gmail.
    - Open the message you'd like to report.
    - Click the triple-dot icon next to Reply, at the top-right of the message pane.
    - Select Report phishing.
- Delete emails and messages that ask you to confirm or provide personal information.
- Do not reply, click on the links, or provide any sensitive information / user credentials.
What to Look For
Be suspicious of all requests. Ask, "Is this real?" Use the following checklist to check for common signs of phishing messages:
- Message indicates urgent action is needed
- Message indicates negative consequences will occur if action is not taken
- Message is not expected
- Message sender is not known
- Message cannot be read without opening an attachment
- Message requests sensitive information be sent
- Message directs users to "click here"
- Message uses poor grammar and/or spelling
- Sender "From:" name does not match the message signature
- Sender email address does not match organization name
- Sender email address is not the same as the real address
- Sender name is not listed in the campus directory
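
Several of the checklist items above can be checked mechanically from a message's headers and text, for example by a mail team triaging reported messages. The following Python code is an added example, not part of the original page; the organization name and domain, the phrase lists, and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: organization name/domain and phrase lists.
ORG_NAME = "Example University"
ORG_DOMAIN = "university.example"
CHECKS = [
    ("urgent action is needed",
     re.compile(r"\b(urgent|immediately|within 24 hours)\b", re.I)),
    ("negative consequences if action is not taken",
     re.compile(r"\b(suspended|deactivated|locked)\b", re.I)),
    ("requests sensitive information",
     re.compile(r"\b(password|username|bank account)\b", re.I)),
    ('directs users to "click here"', re.compile(r"\bclick here\b", re.I)),
]

def checklist_hits(raw_message):
    """Return the checklist items triggered by a raw, single-part text message."""
    msg = message_from_string(raw_message)
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    hits = [label for label, pattern in CHECKS if pattern.search(text)]
    display_name, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    # Exact or subdomain match only, so "university.example.evil.test" fails.
    internal = domain == ORG_DOMAIN or domain.endswith("." + ORG_DOMAIN)
    if ORG_NAME.lower() in display_name.lower() and not internal:
        hits.append("sender email address does not match organization name")
    return hits

# Constructed sample messages (not real mail).
SUSPICIOUS = """\
From: "Example University IT" <helpdesk@university.example.account-verify.test>
Subject: Urgent: mailbox will be suspended

Click here and confirm your password within 24 hours.
"""
ROUTINE = """\
From: "Registrar" <registrar@mail.university.example>
Subject: Spring schedule posted

The spring course schedule is now available in the student portal.
"""

if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("routine", ROUTINE)):
        print(name, checklist_hits(raw))
```

Keyword matches like these only flag a message for a closer look; items such as "message is not expected" still need the recipient's judgment.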
Protect your email and your private messages
- Use a strong password. Use a password with at least 8 characters, including uppercase and lowercase letters, numbers, and symbols.
- Change your password frequently.
- Be careful when using public PCs. If you are using a computer in a public place, be sure to log out when you are finished.
- Protect your email address. Be aware of where you display your email.
- Do not include your email address in blog posts or social media posts.
- Lock up your desktop or laptop and close your email clients when you walk away from your desk.
- Keep your data secure by using encryption and storing encrypted files.