Phishing: Home

Phishing.org defines phishing as "a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.  The information is then used to access important accounts and can result in identity theft and financial loss."

“What Is Phishing?” YouTube, uploaded by Kaspersky, 25 Jan. 2018, youtu.be/BnmneAjVrM4.

Safe email and browsing habits are very important. When a work account is compromised, it is quite common for a compounding chain reaction to follow. This may lead to major loss of time and money for your college/organization.  When a private account is compromised, one's identity may be compromised, privacy lost, and money stolen.  Exercising caution could protect your colleagues at work as well as your own identity, finances, and more.

 Automated SPAM and phishing filters cannot catch all malicious emails, so please carefully review any message that prompts you to click a link or reply. If you receive an email from someone inside or outside the college urging you to visit a site and login or download/view an attachment, review the email carefully and determine if it’s legitimate. The tips below can help you avoid being taken in by phishers:

• Unofficial or spoofed "From" address in the email's header. Make sure the sender’s address makes sense and matches who they’re claiming to be. The display name could differ from the actual “from” address. When viewing your email in a web browser, Outlook 365 will show you the sender's real "from" address if you click "Reply" to a suspicious message and then click on the senders' name in the "Reply To" field.   Just do not open any attachments or actually send the reply.
• Not addressed to you by name. Phishers often send mass email simultaneously. They may not have collected your name when they acquired your email address. Be skeptical of an email addressed to you as something generic, such as “Dear Employee.”
• Hidden or falsified links. To trick you into entering your username and password, phishers will often include a link to a website that’s been made to look like a legitimate website. The fake website may even look exactly like the sign-in page that you expect to see. Websites are easy to fake, so hover your mouse over the link in the email to see if it matches what it claims to be. Rather than clicking the link in the email, visit the site in your web browser by typing in the address you know to be valid.
• Call to urgent action. Phishers often press you to respond immediately. This is used to push for an emotional response. Take a moment; do not get too rushed to use common sense.  A common example is an email that appears to be from a superior that asks for an immediate favor because they are currently in a meeting.
•  Other indicators:

1. Spelling errors, poor grammar, or inferior graphics.
2. Requests for personal information such as your password, employee number or student number. Legitimate companies will not contact you via unsolicited email for that information.
3. Attachments that are not as expected (which might contain viruses or keystroke loggers, which record what you type).

• If you receive a phishing email, do not reply to it or click on any links it contains, simply delete the email. 
• If you think you might have provided account information to a phisher:

1.  Please change your password immediately!
2.  Check your email account’s settings for filters that the phisher may have added.  Also, check for forwarding rules that may exist in your account. Make sure that email is not being forwarded to suspect addresses and that rules aren’t in place to cause you to miss important email messages.
3. Check your email account’s settings to confirm that your email signature, friendly name or picture has not been changed.