What is phishing?
Phishing is the attempt to obtain sensitive information such as usernames, passwords, social security numbers, and financial information, often for malicious reasons. These attacks are often initiated by organized cyber-crime groups that will impersonate a trustworthy entity in an electronic communication. The attempts have become more sophisticated, and they are capable of achieving high levels of apparent credibility by leveraging public information, such as email addresses.
Our spam mail filters remove many of these messages before they enter inboxes, but they do not eliminate the threat to our community.
The community also has a role to play. Education and awareness are the keys to protecting yourself and your private information.
How to detect a phishing message
To identify a phishing attack, look out for these red flags:
- Links in the email. Beware of links contained within the message. These links can direct you to spoofed web pages or download harmful files to your system. Try resting your mouse over the link before you click on it to ensure that the address it points to matches the link that was typed. You can always check the legitimacy of a message by going directly to the company or organization website or contacting them via phone.
- Attachments. Hovering over an attachment usually produces additional information about what it is. A document that looks like it is named “something.pdf” might actually be a file named “something.exe”. An .exe extension means the attachment is actually a software program that you execute, which is extremely dangerous; it can cause computer infection and data loss.
- Urgent requests. Phishing attacks are meant to induce panic in the receiver. Legitimate companies and organizations would never send these types of alerts through insecure channels like email.
- Bad spelling or grammar. Phishing messages are notorious for containing misspelled words or poor grammar. Professional companies or organizations most often have staff that will not allow mass emails to go out with these mistakes.
- Unexpected requests regarding personal information. If the email received is an unexpected request for information, do not respond. In general, you should be extremely wary of following links or answering questions from contacts you did not initiate. Emails regarding password resets, account expirations, or confirmations will always be initiated on the part of the user first.
Always be suspicious of any email with the characteristics listed above. In general, you should never volunteer confidential or personal information based on any contact that you did not explicitly initiate.