What is Phishing?
Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card detail by masquerading as a trustworthy entity in an electronic communication.
- Phishing emails may contain links to websites that are infected with malware
- Phishing can come in more than one form: email, instant messages, pop-up, online postings, and telephone
- Phishing requires YOUR HELP in order to succeed
If you have any suspicion or uncertainty, DON’T RESPOND BY CLICKING. Just contact the sender of the email through your normal mode of communication. This is always your best protection. It’s that simple. It’s your responsibility to protect your personal information.
Phishing attacks occurred
for the year
Phishing attacks occurred per month
Phishing websites were detected
of Phishing emails were opened
Phishing Warning Signs
Non-personalized greetingPhishing messages usually do not address you by name, but use a generic greeting, such as "Dear User" or "Dear Customer."
Urgent/Threatening languageThreatening language such as "Your access will be revoked if you do not..." or "Your account will be terminated if you do not..." is often used to elicit a response from you.
URLs don’t match and are not secureIf an email has a link, be cautious. If you're not on a touch device, hover over the link with your mouse. Does the URL displayed match what you're expecting? Never log into a website that's not secure -- look for "https://."
Poor grammar/misspellingsThe largest propagators of phishing attacks are from Russia and China where English is not their first language. Use this to your advantage by spotting poor grammar and misspellings as a red flag.5
Subject matter does not relateFor example, if you don't bank at Wells Fargo, don't fall for a phishing message "from" Wells Fargo.6
Request for personal informationThe telltale sign of a phishing message is the request for personal information. Legitimate institutions should never ask for your personal information via email.
Examples of a Phishing Scam
How to avoid being a Phishing attack victim
DO NOT reply to emails with any personal information or passwordsIf you have reason to believe that the request is real, call the institution or company directly
DO NOT click links in email messagesIf you have reason to believe the request is real, type the web address for the company or institution directly into your web browser.
DO NOT use the same password for your USA account, bank, Facebook, etcIn the event you do fall victim to a phishing attempt the thieves will try the compromised password in as many places they can.
DO change ALL of your passwordsIf you suspect any account you have access to may be compromised, whether it is your AU account, Facebook, bank, etc., change them all.
DO be cautious when using your phoneIt may be easier to miss telltale signs of phishing attempts when reading the email on a smaller screen.
Using a Phishing filter
Menu > Settings > Show advanced settings... > Check "Enable phishing and malware protection"
Tools > Options > Security > Check "Block Reported Attach Sites" and "Block Web Forgeries"
Settings > Preferences > Security > Check "Warn when visiting a fraudulent website"
Internet Explorer 10+
Tools > SmartScreen Filter > Turn On SmartScreen Filter...
Think you can spot the Phishing? Take one of the quizzes to see....
How to report suspected Phishing
The Information Security Office handles complaints related to phishing, malware, and malicious software. To report Information Security breaches or concerns, please contact the Computer Services Center Help desk by calling (251) 460-6161 or Email: helpdesk.southalabama.edu. Please be sure to provide as much information about the complaint as possible including but not limited to: dates, times, attacking and attacked IP address, email internet header information, and audit/security logs on the incident. Please do NOT include any confidential data or information that would personally identify individuals. Contact the Computer Services Center Help desk first for guidance in handling such information.
Report all threats to persons or property immediately by calling the Campus Police at (251) 460-6312 or during an emergency dial 911.
*Certain information on this site was provided by Auburn University