Phishing (Pronounced ‘fishing’)
Phishing is an attempt from someone, likely unknown to you, to trick you into giving them information about yourself (such as your user ID and log in information, your banking or agency data, credit card info, etc…) so they can use what they have learned to their own benefit and your potential harm. Phishing attempts can occur in an email, a text, or a phone call. Examples:
- Sending you an email or text to ask you to click on a link and enter your credit card information
- Calling, emailing or texting you and stating they are from IT and need you to provide your user name and ID to the network or a software application. NOTE: OIT will never ask for your password.
- Sending you an email with an attachment that seems urgent or has an intriguing title that sparks your curiosity and encourages you to open it. The attachment has malware on it so they can capture all your keystrokes and see what you log into and capture everything you type from that point forward.
Don’t be fooled!!
Ask yourself these questions to recognize and prevent being duped:
- Are you expecting an email of this nature? (e.g. password reset, account expiration, wire transfer, travel confirmation, package delivery, etc…). If not, don’t open it.
- Does the “From” email address look like either someone you know, a business you work with, or a proper email account? If not, don’t open it.
- Does the tone of the email from co-workers / acquaintances sound right? If not, don’t respond to it or take any action it requests – sometimes an email can be spoofed (faked) into looking like someone you know when it really isn’t. Call the person to verify.
- Is immediate action required? Are you being pressured to immediately open an attachment or take some other action ‘NOW’? If so, be very skeptical of a message that demands immediate response and look at it more carefully.
- Is there a URL link in the email? NEVER click on a URL unless it is from a reputable site. Even then it is safest to manually type the URL. Do not click on attachments.
- Hover your mouse over the links in the email. Does the hover-text link match what’s in the text? Does the actual link look like a site with which you would normally do business? Look for tiny variations like an extra space or a slightly different spelling of a word and if found, or you are suspicious, do not click on the link.
- Does the message ask for any personal information (password, credit cards number, SSN, etc)? or for sensitive information about others? If so, be suspicious – don’t provide information without independent verification.
If you’re not sure about the legitimacy of an email message or phone call, contact the Help Desk, and forward the email to the Help Desk and delete it from your In Box and Deleted Items folders and they will take a look.