Phishing

What is Phishing?  

Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.

  • Phishing emails may contain links to websites that are infected with malware
  • Phishing can come in more than one form: email, instant messages, pop-ups, online postings, and telephone
  • Phishing requires YOUR HELP in order to succeed

If you have any suspicion or uncertainty, DON’T RESPOND BY CLICKING.  Just contact the sender of the email through your normal mode of communication.  This is always your best protection.  It’s that simple.  It’s your responsibility to protect your personal information.  

DID YOU KNOW IN 2016....

  • 1,220,533 Phishing attacks occurred for the year
  • 92,564 Phishing attacks occurred per month
  • 277,693 Phishing websites were detected
  • 30% of Phishing emails were opened
 

 

Phishing Warning Signs

  1. Non-personalized greeting

    Phishing messages usually do not address you by name, but use a generic greeting, such as "Dear User" or "Dear Customer."
  2. Urgent/Threatening language

    Threatening language such as "Your access will be revoked if you do not..." or "Your account will be terminated if you do not..." is often used to elicit a response from you.
  3. URLs don’t match and are not secure

    If an email has a link, be cautious. If you're not on a touch device, hover over the link with your mouse. Does the URL displayed match what you're expecting? Never log into a website that's not secure -- look for "https://".
  4. Poor grammar/misspellings

    The largest propagators of phishing attacks are from Russia and China, where English is not the first language. Use this to your advantage by treating poor grammar and misspellings as a red flag.
  5. Subject matter does not relate

    For example, if you don't bank at Wells Fargo, don't fall for a phishing message "from" Wells Fargo.
  6. Request for personal information

    The telltale sign of a phishing message is the request for personal information. Legitimate institutions should never ask for your personal information via email.
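
Several of these warning signs can also be checked mechanically. The script below is an added example, not part of the original page: it scans an HTML message body for signs 1, 2, 3 and 6. The phrases come from the list above; the personal-information keywords, the URL-shaped-text pattern, the function names and the sample messages are assumptions made for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Phrases are from the warning signs above; the keyword list for sign 6 is an assumption.
SIGNS = {
    "non-personalized greeting": r"\bdear (user|customer)\b",
    "urgent/threatening language": r"\b(access will be revoked|account will be terminated)\b",
    "request for personal information": r"\b(password|credit card|social security number)\b",
}
URL_TEXT = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)  # text shaped like a URL

class LinkCollector(HTMLParser):  # gathers [href, visible text] pairs and the body text
    def __init__(self):
        super().__init__()
        self.links, self.text, self._in_link = [], [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._in_link = True
    def handle_endtag(self, tag):
        if tag == "a":
            self._in_link = False
    def handle_data(self, data):
        self.text.append(data)
        if self._in_link:
            self.links[-1][1] += data

def warning_signs(html_body):
    """Return the names of the warning signs found in one HTML message body."""
    parser = LinkCollector()
    parser.feed(html_body)
    parser.close()
    text = " ".join(parser.text)
    found = [name for name, rx in SIGNS.items() if re.search(rx, text, re.I)]
    for href, shown in parser.links:
        target, shown = urlparse(href), shown.strip()
        # The "hover" check: link text names one host, the href points at another.
        if URL_TEXT.fullmatch(shown):
            shown_host = urlparse(shown if "://" in shown else "//" + shown).hostname
            if shown_host != target.hostname:
                found.append("URL mismatch")
        if target.scheme != "https":
            found.append("link not https")
    return found

# Constructed sample messages using reserved .example domains.
PHISH = ('<p>Dear Customer,</p><p>Your account will be terminated if you do not confirm your '
         'password at <a href="http://login.phish.example/verify">https://www.bank.example</a>.</p>')
BENIGN = '<p>Hi Jordan, notes are at <a href="https://www.bank.example/notes">www.bank.example</a>.</p>'
```

The host comparison is exact, so a legitimate link whose text omits "www." is also reported; treat the output as a prompt to look closer, not as a verdict.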

Examples of a Phishing Scam

http://www.phishing.org/phishing-examples

How to avoid being a Phishing attack victim

  1. DO NOT reply to emails with any personal information or passwords

    If you have reason to believe that the request is real, call the institution or company directly
  2. DO NOT click links in email messages

    If you have reason to believe the request is real, type the web address for the company or institution directly into your web browser.
  3. DO NOT use the same password for your USA account, bank, Facebook, etc.

    In the event you do fall victim to a phishing attempt, the thieves will try the compromised password in as many places as they can.
  4. DO change ALL of your passwords

    If you suspect any account you have access to may be compromised, whether it is your AU account, Facebook, bank, etc., change them all.
  5. DO be cautious when using your phone

    It may be easier to miss telltale signs of phishing attempts when reading the email on a smaller screen.

Using a Phishing filter


Chrome

Menu > Settings > Show advanced settings... > Check "Enable phishing and malware protection"


Firefox

Tools > Options > Security > Check "Block Reported Attack Sites" and "Block Web Forgeries"


Safari

Settings > Preferences > Security > Check "Warn when visiting a fraudulent website"


Internet Explorer 10+

Tools > SmartScreen Filter > Turn On SmartScreen Filter...

 

Think you can spot the Phishing? Take one of the quizzes to see....

Phishing Quiz

How is your Phishing IQ?

How to report suspected Phishing

The Information Security Office handles complaints related to phishing, malware, and malicious software.   To report Information Security breaches or concerns, please contact the Computer Services Center Help desk by calling (251) 460-6161 or Email: helpdesk.southalabama.edu.  Please be sure to provide as much information about the complaint as possible including but not limited to: dates, times, attacking and attacked IP address, email internet header information, and audit/security logs on the incident.  Please do NOT include any confidential data or information that would personally identify individuals.  Contact the Computer Services Center Help desk first for guidance in handling such information.

Report all threats to persons or property immediately by calling the Campus Police at (251) 460-6312 or during an emergency dial 911.

*Certain information on this site was provided by Auburn University