‘Tis the Season for Phishing Scams  

The holiday season is prime time for phishing scams aimed at stealing sensitive, personal information (e.g. passwords, credit card numbers, Social Security numbers), which in turn can be used for fraud or identity theft.  As your inbox fills with Christmas shopping deals, holiday greetings, travel discounts, and New Year’s specials, the Department of Information Technology wants to remind you of these important tips for identifying and avoiding phishing scams. 

How to Spot a Phishing Attack 

Phishing email messages are designed to steal your identity. They ask for personal data, or direct you to a website or phone number where you are asked to provide personal information.  When you receive an email, even if it appears to come from a trusted source, be aware of the common warning signs of a phishing attack.   

1. Unverified Sender Information 
   You receive an email from a popular cruise line, but the sender is using a public email domain such as Gmail, Yahoo, or AOL.
   
   Scammers will often customize the sender’s display name to be familiar and general. Check the full email address of the sender to ensure that the domain name (what follows the @ symbol) matches the apparent sender.  Also, check for emails that resemble the name of a well-known company (@shu.edu), but are slightly altered by adding, omitting, or transposing letters (@shu.com).
    
2. Spelling and Grammar Mistakes 
   The subject line of the email reads, “book an Cruises this winter.”
   
   Pay special attention to how an email is worded, and look for spelling, punctuation, and grammatical errors.  Poorly written emails are often a tell-tale sign of a phishing scam.
    
3. Urgency and Ultimatums 
   The body of the message states, “You’ve been selected to receive 65% off an upcoming cruise.  Click here to claim your discount. This deal ends tonight at 6 p.m.” 
   
   Messages that convey a sense of urgency are designed to make you respond immediately without thinking.  Additionally, messages about contests you did not enter or offers for goods or services at an unbelievable price are likely fraudulent. 


4. Incorrect Links and Unexpected Attachments 
   
   The URLs or hyperlinked words in a phishing email are often masked, meaning the link you see does not direct you to the address displayed. Instead, users who click are directed to a different, usually illegitimate, website.  Before you click, hover your mouse pointer over links and hyperlinks, and a small pop-up window will appear showing you the true destination of where the click will take you.   
   
   For unsolicited attachments, use a personal, anti-virus software to scan the attachment before opening it.  Be aware that some anti-virus software will not allow scanning from the email itself, so you may be required to download it to your desktop first by right clicking the attachment.  This is okay as long as the attachment isn’t opened from your email or desktop before the scan is complete. 

You’ve Been Phished.  Now What? 

If you recognize that an email sent to you is a phishing email, report it!  Click the “Report Phish” button, located in the top navigation of your email account, to send the email to IT Security for investigation.  If you are unable to find the button, or it doesn’t work, open a ticket with the service desk by forwarding the phishing email to [email protected].  

If you accidentally clicked on a link or provided any information before recognizing the phishing attempt, close the page and immediately change the passwords of any compromised accounts.  If you’ve provided credit card or banking information, contact your bank and financial institutions to make them aware of the situation.  Lastly, report the phishing attack to Information Security to receive recommendations for additional steps. 

Don’t let cyber criminals steal your information, identity, or holiday joy. To learn more about steps you can take to protect yourself, visit: www.shu.edu/technology/phishing-scams.cfm

Categories: Science and Technology