What's Phishing ?

Phishing: Fraudulent Emails, Text Messages, Phone Calls & Social Media

As any type of fraud, phishing can be extremely damaging. We have already seen an uptick in fraudulent emails in the last month. Use these pages to find out more about phishing - what it is and what risks it poses. Don't get hooked! 

What is Phishing?

Phishing refers to different types of online scams that ‘phish’ for your personal and financial information (e.g., your passwords, Social Security Number, bank account information, credit card numbers, or other personal information).

These messages claim to come from a legitimate source: a well-known software company, online payment service, bank, or other reputable institution. Some will use an organization's email address, logo, and other trademarks to fake authenticity. Phishing messages may also appear to be from a trusted friend or colleague.

Phishing messages can come from a growing number of sources, including:

  • Email
  • Phone calls
  • Fraudulent software (e.g, anti-virus)
  • Social Media messages (e.g., Facebook, Twitter)
  • Advertisements
  • Text messages

What is spear phishing?

More sophisticated attacks, known as spear phishing, are personalized messages from scammers posing as people or institutions that you trust. They often collect identifiable information about you from social media or the compromised account of someone you know to make their messages more convincing. Never transmit sensitive information over email or social media, even if the message requesting information appears to be legitimate. 

Signs of phishing include:

  • UltimatumAn urgent warning attempts to intimidate you into responding without thinking. ‘Warning! You will lose your email permanently unless you respond within 7 days’. This has been popular recently. 
  • Incorrect URLs: Scammers may obscure URLs by using hyperlinks that appear to go to a reputable site. Hover your mouse over any suspicious links to view the address of the link. Illegitimate links often contain a series of numbers or unfamiliar web addresses.
  • No signature or contact information: Additional contact information is not provided.
  • Too good to be true offer: Messages about contests you did not enter or offers for goods or services at an unbelievable price are likely fraudulent.
  • Style inconsistencies: Pop up windows that claim to be from your operating system or other software may have a different style or colors than authentic notifications. Messages that claim to be from a reputable organization may be missing branding aspects such as a logo.
  • Spelling, punctuation, or grammar errorsSome messages will include mistakes. 
  • Attention-grabbing titles: "Clickbait" titles (e.g., "You won't believe this video!") on social media, advertisements or articles are sensationalist or attention-grabbing and sometimes lead to scams.

  • Social Media Quiz: We see these plastered all over facebook. Many times these are designed to get answers to a person's password security questions. Most security questions are common and based on our location. "What was your high school mascot?" sounds like an innocent question, but can lead to gathering a lot more information about a person.

For more information, see the FTC's page about Phishing.

The Dangers of Phishing:

  • Identity theft: Once you provide your personal information in response to a phishing attempt, this information can be used to access your financial accounts, make purchases, or secure loans in your name.
  • Virus infectionsSome fraudulent emails include links or attachments that, once clicked, download malicious software to your computer. Others may also install keystroke loggers that record your computer activity.
  • Loss of personal data: An attacker can deploy malware on your machine, malicious software that encrypts files on your computer and denies  access to the files until a ransom is paid.
  • Compromising school data: If you use similar or the same passwords for multiple accounts (please don't) then many of those accounts could get compromised. This could lead to access of school information saved on a device or in a Google account.
  • Putting others at risk: If an attacker gets a hold of your email, they can proceed to email  everyone in your address list. The email will technically be sent from your account and the attacker will gain more victims.
Please report any phishing attempts to:  [email protected]