A phishing scam is when someone attempts to acquire your personal information by pretending to be a trustworthy entity in an electronic communication.

Phishing warning signs

  • Non-personalized greeting: Phishing messages usually do not address you by name, but use a generic greeting, such as "Dear User" or "Dear Customer."
  • Urgent/Threatening language: Threatening language such as "Your access will be revoked if you do not..." or "Your account will be terminated if you do not..." is often used to elicit a response from you.
  • URLs don’t match and are not secure: If an email has a link, be cautious. If you're not on a touch device, hover over the link with your mouse. Does the URL displayed match what you're expecting? Never log into a website that's not secure -- look for "https://."
  • Poor grammar/misspellings: The largest propagators of phishing attacks are in Russia and China, where English is not the first language. Use this to your advantage by treating poor grammar and misspellings as a red flag.
  • Subject matter does not relate: For example, if you don't bank at ABSA, don't fall for a phishing message "from" ABSA.
  • Request for personal information: The tell-tale sign of a phishing message is the request for personal information. Legitimate institutions should never ask for your personal information via email.
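
The warning signs listed above can also be checked mechanically. The following Python code is an added example, not part of the original page; the phrase patterns, the `expected_domains` parameter, the sign labels and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Phrases taken from the warning-sign list; extend them for your own mail.
GREETING = re.compile(r"\bdear\s+(user|customer)\b", re.I)
URGENT = re.compile(r"will be (revoked|terminated) if you do not", re.I)
PERSONAL = re.compile(r"\b(password|personal information)\b", re.I)
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def host(url):
    """Hostname of an absolute URL, or None for text such as 'Click here'."""
    return urlsplit(url.strip()).hostname

def warning_signs(raw, expected_domains):
    """Return warning signs for one single-part message (assumed format)."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    signs = []
    # Sender domain is not one the recipient actually deals with.
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not any(domain == d or domain.endswith("." + d) for d in expected_domains):
        signs.append("unexpected-sender")
    if GREETING.search(body):
        signs.append("generic-greeting")
    if URGENT.search(body):
        signs.append("urgent-language")
    if PERSONAL.search(body):
        signs.append("asks-personal-info")
    for href, text in LINK.findall(body):
        if urlsplit(href).scheme.lower() != "https" and "link-not-https" not in signs:
            signs.append("link-not-https")
        # The text shown is itself a URL, but for a different host than the target.
        shown = host(text)
        if shown and shown != host(href) and "link-mismatch" not in signs:
            signs.append("link-mismatch")
    return signs

# Constructed sample message (reserved example domains, not a real capture).
SAMPLE = """\
From: "Example Bank" <alerts@bank-update.example.net>
Content-Type: text/html

<p>Dear Customer,</p>
<p>Your account will be terminated if you do not confirm your password.</p>
<p><a href="http://login.example.net/confirm">https://www.examplebank.example/login</a></p>
"""
print(warning_signs(SAMPLE, {"examplebank.example"}))
```

A message that trips none of these checks can still be phishing, so an empty result is not a verdict.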

Examples of a phishing scam

Can you spot the phishing signs?

On 2/6/14 12:23 PM, "PayPal" <paypal@update.com wrote:
Dear customer,
We regret to inform you that your account has been restricted.
To continue using our services plese download the file attached to this e-mail and update your personal information.
© 1999 - 2014 PayPal

From: North-West University [mailto:mwagone@purdue.edu ]
Sent: Wednesday, February 05, 2014 8:27 AM
Subject: Letter From North-West University !!!
You have 1 new Security Message Reference for your account!
Re-Login to confirm your account status [Click here]
This message should only by those who can read it addressed and its content is not intended for use by any other person.
Copyright © 2014 Auburn University.

How to avoid becoming a phishing attack victim

  • DO NOT reply to emails with any personal information or passwords. If you have reason to believe that the request is real, call the institution or company directly.
  • DO NOT click links in email messages. If you have reason to believe the request is real, type the web address for the company or institution directly into your web browser.
  • DO NOT use the same password for your NWU account, bank, Facebook, etc. In the event you do fall victim to a phishing attempt, the thieves will try the compromised password in as many places as they can.
  • DO change ALL of your passwords. If you suspect any account you have access to may be compromised, whether it is your NWU account, Facebook, bank, etc., change them all.
  • DO be cautious when using your phone. It may be easier to miss tell-tale signs of phishing attempts when reading the email on a smaller screen.

source: http://keepitsafe.auburn.edu/2014/