Phishing, including its targeted form, spear-phishing, is one of the most successful types of social engineering exploits. It is a technique that uses email and fraudulent websites to capture your username and password.

Criminals send emails that look like they are from a person, institution or business you are familiar with. The email will include links that look very similar to URLs you know. If you open the links, you may be presented with a web page that has the same look and feel as one you are used to. Even though it looks exactly like the website you are familiar with, it is a fraudulent site used to capture your login information as you type it in.

[Diagram of a suspicious email]

Things to be wary of:

  • Requests for sensitive personal information. Reputable institutions will never ask for any sensitive personal information, account IDs or passwords by email.
  • Expressions of urgency or immediate requests for action. The criminals want you to act before you think, so they create a sense of urgency and a fear of consequences.  Don't fall for it.
  • Spelling or grammatical errors. Many phishing scammers are from outside the U.S., so English may not be their first language. Misspelled words, misused pronouns and punctuation errors can be a sign of a phishing attempt.

How to protect yourself:

  • Never email sensitive personal or financial information.  Email is typically not secure enough to transmit this type of data.
  • Stop, Think and Look before you click: Hover your cursor over the link and inspect the address. Look out for extra words and dots in the link, or an unexpected suffix to the URL (e.g., seeing a '.com' when you expect to see a '.edu').
  • SSL Certificate Errors:  Never submit your user ID, passwords or private data to a website that has certificate errors or is not secure.
  • Contact the IT department:  If you are not sure if it is legitimate, reach out to the IT department.  We are happy to help you identify a possible phishing attempt.
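
The "Stop, Think and Look" check above can also be done in code, for example by a mail filter or help desk script. The following is an added example, not part of the original page: the function name `inspect_link`, the expected domain `example.edu` and all sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

def inspect_link(url, expected_domain):
    """Check the address a link really points to against the domain you expect.

    expected_domain is assumed to be a two-part name such as 'example.edu'.
    Returns a list of warnings; an empty list means the link goes to that
    domain (or a subdomain of it) over HTTPS.
    """
    warnings = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    expected = expected_domain.lower().strip(".")
    name, _, suffix = expected.partition(".")    # e.g. 'example', 'edu'

    if parts.scheme != "https":
        warnings.append("not an https link")
    if not host:
        warnings.append("no host name in link")
        return warnings
    if host == expected or host.endswith("." + expected):
        return warnings                          # the real domain or a subdomain

    labels = host.split(".")
    if f".{expected}." in f".{host}.":
        # The familiar name is there, but it is not the end of the host name.
        warnings.append("expected name followed by extra words and dots")
    elif name in labels and labels[-1] != suffix:
        warnings.append(f"unexpected suffix '.{labels[-1]}' (expected '.{suffix}')")
    elif any(name in label for label in labels):
        warnings.append("extra words around the expected name")
    else:
        warnings.append("different site than expected")
    return warnings

# Constructed sample links, as they would appear when hovering over them.
SAMPLES = [
    "https://portal.example.edu/login",
    "https://example.com/login",
    "http://example.edu.verify.example.net/login",
    "https://secure-example.edu/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", inspect_link(link, "example.edu") or "looks right")
```

A link that passes this check can still be malicious, so certificate errors and unexpected requests for credentials remain reasons to stop and contact the IT department.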