What is Phishing?
A phishing attacks is a way of attempting to get a user to install malicious software or have the user provide sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.
What are Phishers After?
Phishing attacks try to get you to do one of the following:
- Open a malicious attachment
- Browse to a malicious website
- Wire Transfer bank funds to a fraudulent account
- Disclose Sensitive information
- Credit Card Numbers and CVS codes
- ATM/Debit Card Information and PINs
- Social Security Numbers
- Banking Information (Account Numbers, Routing Numbers)
- Account Passwords
Never Provide any of this Information via E-mail!
How to identify a Phishing Attack?
- Phishing emails may contain strange words, misspelled words or unusual or awkward phrasing to help them avoid SPAM-filtering software.
- Phishing e-mails will often have a sense of urgency. ("Your account will be closed if you don't..." etc.)
- Hover over email links before clicking them to validate the true URL. Never click a URL you don’t recognize or looks suspicious.
How to Protect yourself?
- Never send sensitive information (e.g. passwords, CC data, PII via email. A reputable organization or business will never ask you to send confidential information via email.
- Never respond to e-mail from a source you are not 100% sure the sender is legitimate. When in doubt call the organization or business but DO NOT use contact information found in the e-mail, instead work through your established and trusted channels to verify the authenticity of a message received.
- Never open an attachment in a suspicious e-mail because it may install malicious software on your computer.
- Never click on a link in a suspicious e-mail because it may take you to a malicious website that may install malware on your computer.
- Never perform a money transfer requested via email, even if it appears to be coming from a trusted source as email addresses can be spoofed! Always verify that wire transfer request is authentic by calling the person listed as a requestor and make your supervisor aware.
- Use bookmarked links to go to trusted websites, and not links received in emails. (e.g. mypage.slcc.edu, banking websites, webmail etc.)
What to do if you receive a suspicious email?
(You recognized the signs, you weren’t fooled, and you didn’t open the attachment or click the link.)
- Forward the email as an attachment (alt-ctrl-f) to InfoSec@slcc.edu, so we can investigate the incident and protect our other users.
- Delete the email so you don’t accidently click any of the links.
What to do if you have been phished?
(If you’ve opened an attachment, clicked the link, or given up information, don’t panic. If you act quickly there are things you can do to limit the impact of the attack.)
- Report the incident to the helpdesk (x5555) and let them know what information was disclosed.
- Change any effected passwords.
- Scan your PC for malware. (The helpdesk can help with this)
- If you believe your financial accounts may be compromised, contact your financial institution immediately.
- Watch for any unauthorized charges to your accounts.
- Consider reporting the attack to the police, and file a report with the Federal Trade Commission or the FBI's Internet Crime Complaint Center.
- OIT will NEVER ask for your password!
- If it sounds too good to be true, it probably is!
- If the message does not appear to be authentic, it’s probably not.
- Check to see if the content of the message appears in search engine results (known scam, etc.)
- Watch for typographical errors, bad formatting, poor grammar, etc.
- Be suspicious of messages that asks you to send your information to them.
- Be suspicious of emails from companies that you haven’t set up an account or you don’t do business with on a regular basis.
- Be very suspicious of emails claiming to be from the IRS, FBI or other government agency.
- Learn your trusted standard notification emails (e.g. OIT and other institutional emails), question any out-of-ordinary emails received. Refer to the Sample Phishing Emails link for more information on recognizing phishing.
More Information for Online Safety