Phishing occurs when someone attempts to use electronic communication such as email to fraudulently acquire confidential information such as your password by pretending to be a trusted person or part of a trusted group.
How does phishing work?
Phishing is a form of social engineering, the art of manipulating people into sharing confidential information or performing a desired action. Phishing attacks are commonly transmitted via email and social network sites like Facebook and Twitter.
How will they encourage me to share my information?
Phishers typically present a plausible scenario and often take advantage of the recipient’s fear, greed or lust. They also often present a sense of urgency. Examples include messages that:
- Tell you that your account was misused by you and will be disabled
- Tell you that your account was compromised and will be disabled
- Tell you that your Mailbox has reached its limit and will be disabled
What might the phisher ask for?
- Your password
- Account number, card number, PIN, access code
- Personally identifiable information like your date of birth, Social Security number or address
- Confidential information like student records, financial records or technical information
Signs of a potential phishing attack
If the communication you receive exhibits any of the following, it may be a phishing attack.
- You are asked for confidential information
- You are asked to visit a web page with a suspicious or unexpected address
- You do not recognize the sender or the sender does not normally contact you
- You recognize the sender, but the sender’s email address, alias or name spelling are unusual
- You’re told something negative will occur if you don’t supply the requested information
- The writing style is unusual
How to protect yourself
- Ask yourself whether you should be sharing the information requested
- If the supposed sender is someone or an organization known to you, contact them to discuss the request
- Use a browser that alerts you when you attempt to visit known phishing websites
- Before you click a link, inspect it
- If unsure of a link’s authenticity, use a link you know or find the link via a search engine