What is Phishing?

Phishing occurs when someone attempts to use electronic communication such as email to fraudulently acquire confidential information such as your password by pretending to be a trusted person or part of a trusted group.

How does phishing work?

Phishing is a form of social engineering, the art of manipulating people into sharing confidential information or performing a desired action. Phishing attacks are commonly transmitted via email and social network sites like Facebook and Twitter.

How will they encourage me to share my information?

Phishers typically present a plausible scenario and often take advantage of the recipient’s fear, greed or lust. They also often present a sense of urgency. Examples include messages that:

  • Tell you that your account was misused by you and will be disabled
  • Tell you that your account was compromised and will be disabled
  • Tell you that your Mailbox has reached its limit and will be disabled

What might the phisher ask for?

  • Your password
  • Account number, card number, PIN, access code
  • Personally identifiable information like your date of birth, Social Security number or address
  • Confidential information like student records, financial records or technical information

Signs of a potential phishing attack

If the communication you receive exhibits any of the following, it may be a phishing attack.

  • You are asked for confidential information
  • You are asked to visit a web page with a suspicious or unexpected address
  • You do not recognize the sender or the sender does not normally contact you
  • You recognize the sender, but the sender’s email address, alias or name spelling are unusual
  • You’re told something negative will occur if you don’t supply the requested information
  • The writing style is unusual

How to protect yourself

  • Ask yourself whether you should be sharing the information requested
  • If the supposed sender is someone or an organization known to you, contact them to discuss the request
  • Use a browser that alerts you when you attempt to visit known phishing websites
  • Before you click a link, inspect it
  • If unsure of a link’s authenticity, use a link you know or find the link via a search engine