What is Phishing?
Phishing is a cyber-attack that uses fraudulent emails, websites, and text messages to trick victims into giving up personal information and corporate data. The goal of phishing is to steal money, gain access to sensitive data and login information, or install malware on the victim's device.
Why is preventing it important?
Threat actors want to gain access to target computer systems by deceiving end users into giving up their login credentials, including multifactor authentication codes. A single compromised account can lead to severe consequences, including financial loss and theft of personal, financial, or corporate data.
What to Look for in a Phishing Email
- Suspicious Sender Address:
  - Check if the sender's email address matches the expected email address for legitimate communications. Often, the email address may look close to what you expect but have small alterations such as additional letters or numbers.
- Generic Greetings:
  - Phishing emails often use generic greetings such as "Dear Customer" or "Dear User" instead of your real name.
- Urgency and Threats:
  - Many phishing emails try to create a sense of urgency or assert an immediate threat. For example, they might claim that your account will be closed unless you update your personal details immediately.
- Poor Spelling and Grammar:
  - Professional companies or organizations usually have a high standard for communications. Watch for unusual grammar or frequent spelling mistakes.
- Unfamiliar Tone or Greeting:
  - If the tone or greeting in the email doesn’t sound like it’s from your colleague or a professional organization you interact with, it might be phishing.
- Inconsistencies in Email Headers:
  - Check the header information in the email; discrepancies between the header and the sender's address or other details can indicate phishing.
- Links in Emails:
  - Hover over any links embedded in the email without clicking them. Check whether the link address points to a different website or if it looks suspicious.
- Attachments:
  - Be wary of unsolicited attachments, especially those with executable files such as .exe, .scr, or .zip files, which can contain malware.
- Requests for Personal Information:
  - Legitimate organizations will never solicit sensitive information through email. Be cautious of emails asking for passwords, account numbers, or other personal data.
- Too Good to Be True:
  - If an email makes an offer that seems too good to be true, it likely is. Common examples include large sums of money, unexpected winnings, or incredible deals.
What to Do If You Suspect a Phishing Email
- Do not click on any links or open attachments found in the email.
- If you are familiar with the sender organization, you can contact the organization directly using a phone number or website address you know to be genuine.
- Report the phishing attempt to Campus Support at campussupport@atu.edu, or call us at 968-0646.
Be Diligent in Security Awareness
- Take a minute to scrutinize every email.
- Never use your username, password, or multifactor authentication code on a website you get to from a link in an email.
- Look for the red External Sender banner. Any email sent from outside the organization will have a red banner at the top.
- Contact Campus Support if you have any doubts or concerns.
By staying alert and knowing what to look for, you can help protect yourself and Arkansas Tech University from phishing attacks.