Phishing and Spam Alerts
Email Scams: Recognizing them
Over time, phishing attempts have become more sophisticated and better at imitating genuine email. Be aware of these warning signs:
- The message is unsolicited and asks you to update, confirm, or reveal personal identity information (e.g., SSN, account numbers, passwords, protected health information).
- The message creates a sense of urgency.
- The message has an unusual “From” address or an unusual “Reply-To” address.
- The (malicious) website URL doesn’t match the name of the institution that it allegedly represents.
- The message is not personalized. Valid messages from banks and other legitimate sources usually refer to you by name.
- The message contains grammatical errors.
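Several of these warning signs can be checked mechanically. The following is an added example, not part of the original page: it scans one raw message for a Reply-To domain that differs from the From domain, urgent wording, a generic greeting, and a link whose visible text names one site while the underlying address goes to another. The sample message, its domains, and the keyword lists are constructed for illustration and are assumptions, not a complete filter.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message (not a real email); all names and domains are placeholders.
SAMPLE = """\
From: "Example Bank Support" <support@examplebank.example>
Reply-To: verify@mail-check.example
Subject: Urgent: confirm your account immediately
Content-Type: text/html

<p>Dear customer, your account will be suspended within 24 hours.</p>
<p><a href="http://login.account-update.example/verify">https://www.examplebank.example/login</a></p>
"""

# Illustrative keyword lists (assumptions); real filters use far broader signals.
URGENCY = re.compile(r"\b(urgent|immediately|suspended|within \d+ hours)\b", re.I)
GENERIC = re.compile(r"\bdear (customer|user|member|account holder)\b", re.I)
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def domain(addr_or_url):
    """Return the lowercase host of a URL or the domain part of an address."""
    if "://" in addr_or_url:
        return (urlparse(addr_or_url).hostname or "").lower()
    return parseaddr(addr_or_url)[1].rpartition("@")[2].lower()

def warning_signs(raw):
    """Return the checklist warning signs found in a raw single-part message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    signs = []
    sender, reply_to = domain(msg.get("From", "")), domain(msg.get("Reply-To", ""))
    if reply_to and reply_to != sender:
        signs.append(f"Reply-To domain {reply_to} differs from From domain {sender}")
    if URGENCY.search(msg.get("Subject", "") + " " + body):
        signs.append("urgent wording")
    if GENERIC.search(body):
        signs.append("generic greeting")
    for href, text in LINK.findall(body):
        shown = text.strip()
        # Only compare when the visible link text is itself a URL.
        if "://" in shown and domain(shown) != domain(href):
            signs.append(f"link shows {domain(shown)} but goes to {domain(href)}")
    return signs

if __name__ == "__main__":
    for sign in warning_signs(SAMPLE):
        print("-", sign)
```

A message that trips none of these checks is not thereby safe; the checks only surface the signs listed above.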
Types of E-mail Spam and Phishing
Phishing is the term for messages sent to individuals via e-mail or text message with the intent to fool unsuspecting recipients into providing personal information, such as user names, passwords and financial account information. They often employ social engineering tactics by creating messages that appear to be legitimate. These messages can also lure individuals to malware-hosting websites.
Spear phishing differs from phishing in that it targets a specific department, division or college, seeking unauthorized access to protected information. These messages allegedly come from IT support staff or other professionals in a position of authority from within the targeted department, division or college. As with phishing, these e-mails will attempt to trick users into divulging personal or financial information, or their credentials, or entice them into clicking on a link that could install malware on the computer.
E-mail spam consists of messages sent to many people, often simultaneously, that either contain web links to Internet websites that host malware or contain executable malware within the message designed to infect the computer when opened. These messages are also called junk e-mail.
Spoofing aims to trick users into taking actions that aren’t in their best interest. For example, users might be tricked into believing false information or divulging confidential information, access authorization information, passwords, and other information. Spoofing can mean:
- Impersonating a person, organization, agency or server without permission.
- Faking the origin. The messages were allegedly sent from the administrators, but they were actually from intruders trying to steal accounts.
Phishing Email Dos and Don’ts
- DO call a company that you received a suspicious email from to see if it is legitimate, but DO NOT use the phone number contained in the email. Check a recent statement from the company to get a legitimate phone number.
- DO look for a digital signature/certificate as another level of assurance that senders are legitimate. Digitally signed messages will have a special image/icon at the subject.
- DO adjust your spam filters to protect against unwanted spam.
- DO use common sense. If you have any doubts, DON’T respond. Contact the ITS Help Desk if you have any questions.
- DON’T open email that you have any suspicion may not be legitimate. If it is legitimate and the individual trying to contact you really needs to, they will try other means.
- DON’T ever send credit card or other sensitive information via email.
- DON’T click the link. Instead, phone the company or conduct an Internet search for the company’s true web address.
- DON’T open email or attachments from unknown sources. Many viruses arrive as executable files that are harmless until you start running them.
What should I do?
Phishing emails are a scary thing to receive. Here are a few things you could do:
Report it to your email provider
If your email account is provided by Google or Microsoft, their email clients have a reporting feature.
Report it to the Government Agency
The Cybersecurity and Infrastructure Security Agency helps keep individuals from becoming victims of phishing scams by gathering phishing email messages and website addresses. Simply forward the email to them.
Forward to: [email protected]
Mark it as scam/junk
You can mark the email sender as scam or junk. Your email provider will block the sender's address and move it to the junk list.
Delete the email
If the email you received is a scam or a phishing email, simply delete it after you report it.
What if I clicked on the phishing link?
Do not panic. We recommend all of the following actions to limit any risk:
- Change password
- Run an antivirus scanner
- Use two-factor authentication
- Back-up your files
- Check for transactions