Can I report a phishing scam?
If you would like to report a phishing attempt related to a college unit or service, or you have questions about the validity of an email you have received, please contact firstname.lastname@example.org.
Please review our Identify Phishing Scams page for a more detailed discussion of how to identify phishing emails. You should also check out the latest phishing scams reported to Information Security.
You may report scams to the federal government at email@example.com, which collects information to build cases against phishers.
What Is a Phishing Scam?
A phishing scam is an email that looks legitimate and appears to come from a reliable organization or website. However, it is really an attempt to gather personal and financial information from a recipient. Not only do internet criminals phish your email inbox, but they also send text messages to try their malicious tricks. Using text messages, or short message service (SMS), for phishing attempts is known as “Smishing”.
Two Common Types of Phishing Scams
The first type of scam asks you to respond to an email with your account password or Social Security number in order to prevent immediate closure of your bank account, email account, or some other service. No reputable organization will ever send an unsolicited message requesting this kind of information. If you ever receive a message that asks you to send in your password, for example, it is a fraudulent email.
The second type of scam asks you to click a link to a fake site that might somewhat resemble a site or service you actually use and log in with your password to verify your account. Information Technology will never request your password, nor will we ask you to change or “validate” your password.
If you’ve responded to either of these types of scams, you’ve placed your personal information in the hands of scammers, who can misuse it.
How do I know if a message I received is a phishing attempt?
Review the simple guidelines for identifying phishing emails included below.
- The email asks you to confirm personal information
- The domain name is misspelled.
- The email is poorly written.
- It includes suspicious attachments or links.
- The message creates a sense of urgency.
10 Common Traits of Phishing Emails
|Asking for Personal Information||Most reputable organizations will never email you asking
for your address, phone number, national ID number, or
other personal data.
|Inconsistencies in Links||Always hover over links with your mouse pointer to display the
full URL. If it leads somewhere that doesn’t logically belong within
the context of the email, or generally looks nonsensical, don’t click!
|Unrealistic Threats||Phishing emails often feature threatening language, such as
“Payment overdue!” or “Your account has been compromised!”,
in order to generate a response from their targets.
|Generic Greetings||Unlike legitimate entities that will address you by your full name
or username, phishing emails usually opt for generic greetings,
such as Dear Customer or Dear Sir/Madam.
|A Sense of Urgency||Similar to unrealistic threats, emails that urge you to click on a
link or download an attachment or update your account
immediately are likely scams.
|You're Asked to Send Money||Whether it be overdue taxes or an upfront payment to cover
expenses, any email that asks for money should
immediately raise your suspicions.
|Too Good to Be True||The old saying remains true to this day: if it’s too good to be true,
it’s likely untrue. Keep that in mind any time you get an email
claiming you won the lottery or are due a large family inheritance.
|Poor Spelling and Grammar||Most generic phishing attempts contain spelling and
grammar errors or feature awkward wording/phrasing.
|Suspicious Attachments||Attachments aren’t always malicious, but use extreme
caution whenever you receive them unexpectedly.
|From a Government Agency||In almost every case, government agencies don’t use email
to communicate anything of consequence. The IRS, for
example, will never email you about your taxes or payments.
Convincing Smishing Scam from a Popular Mobile Carrier
Not only do internet criminals phish your email inbox, but they also send text messages to try their malicious tricks. Recently, smishing scammers have been sending text messages that appear to come from the popular cell phone service provider, Verizon. The text message is designed to look like a security alert. It warns you to click the link and validate your account before your account access is disabled. If you fall for this alert and click on the link, you’re brought to a very convincing fake website that looks identical to Verizon’s login page. You’re instructed to sign in to your account to “validate your account security”, but if you mistakenly enter your credentials here, the attackers will have your login information and be able to take over your account.
Remember the tips below to protect yourself from smishing scams:
- Links sent through text messages are usually shortened. Therefore, you can’t see where the link will actually take you. If your mobile device allows it, before clicking the link, hold your finger down to see the full web address of where the link will take you.
- Always log in to your online accounts through your phone’s browser or through the mobile application you’ve installed on your phone, instead of clicking an unexpected link.
- Never use the same password for multiple accounts. If you did fall for a scam such as this you may not even realize it happened, but the attackers would be able to break into all of the accounts where you use the same password.
What is a Spear Phishing Scam?
Another type of scam is Spear phishing, an email or electronic communications scam that targets individuals from a known or trusted sender in order to induce targeted individuals to reveal confidential information. An example of this would be when your “manager” sends you an email asking you to purchase a bunch of gift cards. All of this communication would only transpire through email because your “manger” states they are too busy to talk. Although this scam is intended to steal data for malicious purposes, cybercriminals may also intend to install malware on a targeted user’s computer.
Social media services provide simple and convenient ways to stay current with what’s going on in your personal and professional life. Risks come with these conveniences so it’s wise to be aware of these risks. Below are some helpful tips for making sure you keep protected while on social media.