How to spot a phishing attempt and where to get help.
What is phishing
Phishing is of a type of cyber-attack that is intended to trick you into providing sensitive information or unauthorized access to your devices. It often results in malware or ransomware being installed on devices.
Attackers will typically impersonate someone you trust, and lure you into clicking links or opening email attachments. Phishing attempts can be in the form of an email, text message, phone call or webpage links.
What is Spear Phishing?
Spear Phishing is a more targeted phishing attempt, where the attacker has done prior research on the intended victim(s). Spear Phishing attacks are harder to spot, often because the attacker knows something personal about you.
Attackers sometimes use Spear Phishing techniques to pretend to be your colleague or boss and get you to act quickly on a demand for money.
How to spot phishing
The key to spotting a phishing attempt is to take your time before reacting or responding to an email, phone call, or text that you did not personally initiate.
Phishing attempts often try and get you to react or respond immediately by indicating urgency in the request. Some attackers are now simplifying their approach by providing clickable links for common activities like changing a password on your device. In other instances, they will attempt to trick you by leading you to believe you have already become infected with a virus, as to encourage you to click something and fix the problem.
How to avoid being phished
When in doubt, do not click! Never agree to financial demand or transaction from an email or text message, even if it appears to be from a person you know. Take the time to verify the legitimacy of personal or financial requests by confirming by phone call or in-person before responding.
The external email message flag can also assist you in determining whether an email came from inside or outside of the organization.
By slowing down to look for the signs of phishing before reacting, you will be less likely to fall victim to a phishing scam. This PDF shows some of the key indicators of a phishing attempt by email.
How to report phishing
There are two ways to report a phishing email:
- Contact IT Services: Forwarding the email to IT will allow us to help you verify whether the email is legitimate or phishing. We will respond to you with further instruction depending on the outcome of the investigation. Do not click any links, open attachments, or respond to the email until you have received follow-up from IT.
- “Report a Phish” Outlook Button: Your Outlook application has a built-in feature that allows you to report a phishing email with one click. When you utilize this feature, you will be given the option to either delete it or save it in your inbox while waiting for a follow-up from IT.