Phishing is a form of social engineering. Phishing scams appear to originate from a trusted source to trick a user into entering valid credentials or attempt to lure you into revealing your username, password, and other personal identifying information (PII), or clicking on a malicious attachment.
Attackers can use this information to:
- Steal money from victims (modify direct deposit information, drain bank accounts)
- Perform identity theft (run up charges on credit cards, open new accounts)
- Send spam from compromised email accounts
- Use your credentials to access other campus systems, attack other systems, steal University data, and jeopardize the mission of the campus
How Do I Report Phishing Emails?
- If you receive a Phishing Email:
- Please forward the message to [email protected]
- After reporting to [email protected], If you are using the Gmail interface, you can report phishing directly to Google:
- Sign in to Gmail.
- Open the message you'd like to report.
- Click the triple-dot icon next to Reply, at the top-right of the message pane.
- Select Report phishing.
- Delete emails and messages that ask you to confirm or provide personal information.
- Do not reply, click on the links, or provide any sensitive information / user credentials.
How Do I Spot Phishing Scams?
Be suspicious of all requests. Ask, "Is this real?" Use the following checklist to check for common signs of phishing messages:
- Message indicates urgent action is needed
- Message indicates negative consequences will occur if action is not taken
- Message is not expected
- Message sender is not known or a forged (spoofed) account
- Message cannot be read without opening an attachment
- Message requests sensitive information be sent
- Message directs users to "click here"
- Message uses poor grammar and/or spelling
- Sender from: name does not match message signature
- Sender email address does not match organization name
- Sender email address is not the same as the real address
- Sender name is not listed in the campus directory
Anatomy of a Phishing Email
Most phishing scams have a number of common components. Here are examples of phishing scams that might hit your inbox.
Phishing Email Sample - WHO Internship
Phishing Email Sample - UNICEF Internship
Phishing Email Sample - Financial Scam
Phishing Email Sample - Spoofed Contact