Information Technology

What is phishing?

Phishing occurs when someone attempts to use online communication fraudulently, such as email or private messages, to acquire confidential information such as your password by pretending to be a trusted person or part of a trusted group.

Phishing attacks are commonly transmitted via email and social network sites and apps like Facebook, Twitter, or Snapchat.

How do I know whether it’s phishing?

It’s often difficult to tell the difference between a legitimate message and one that’s phishing for your account information. Be skeptical of any email or direct message that appears to be from someone requesting money or valuables be transferred to them, that asks for your private information, or that contains content not typical of the supposed sender.

You can test an email for phishing with a few simple checks:

• Does this seem like something this person would send to me? Are the writing style and content typical of this person? If not, suspect phishing.
• Click on the little down arrow in the upper left corner of the email where it says “to me” or “to [your name]”. If the addresses in the To and From fields seem unusual, suspect phishing.
• Hover over any link in the message without clicking on it. If the URL that pops up is not what you’d expect given the content, suspect phishing. (If you haven’t tried hovering over links before to see where they link, try it now on a legitimate email you have received to see how it works. If unsure of a link’s authenticity, use a link you know or find the link via a search engine.)
• Is the message signed generically or is there an individual that you know sending the message?
• When handling issues regarding Allegheny Account information, ITS will contact individuals directly and will always sign the email from a particular staff person.  If you receive a message about your Allegheny Account from anyone not known to be in Information Technology Services (ITS), you should question the validity of the message. The URL of the Allegheny Password Change Form is https://accounts.allegheny.edu/ and is the only page we would direct you to use to handle an account password issue.

How will a phishing message encourage me to share my information?

Phishers typically present a plausible scenario and often take advantage of the recipient’s fear, greed, or lust. They also often present a sense of urgency.

Examples include messages that:

• Claim your account was misused or compromised
• Tell you to visit a web page with a suspicious or unexpected address
• Threaten negative consequences, such as your account being disabled or reported, if you don’t supply the requested information
• Ask you for confidential information, such as your:
  • account number
  • password or PIN
  • SSN
  • date of birth
  • student records
  • financial records

What should I do?

• When you determine a message is phishing, report it as phishing. Gmail includes an easy way to do this.  This will decrease the chances of the message landing in others’ inbox.
• If the supposed sender is someone known to you, contact them using a different method and discuss the request–not using “Reply”.
• Deleting the message is also appropriate.  If you already responded to the message, report any further communication related to your response as phishing, and do not respond further.
• Receipt of phishing messages doesn’t mean that your account or password has been compromised in any way. However, if you have any concern at all that your Allegheny Account may have been compromised, please visit the ITS website to change your password. Note, too, that two-factor authentication is an added layer of protection.

Questions? Contact the Help Desk at 814-332-2755.