What is phishing?

“Phishing is an attempt by an individual or group to solicit personal information from unsuspecting users by employing social engineering techniques. Phishing emails are crafted to appear as if they have been sent from a legitimate organization or known individual. These emails often attempt to entice users to click on a link that will take the user to a fraudulent website that appears legitimate. The user then may be asked to provide personal information, such as account usernames and passwords that can further expose them to future compromises. Additionally, these fraudulent websites may contain malicious code.”1

How to identify it?

  • Look at who the email is from. Phishing emails often appear to be from popular companies or government agencies. Beware of email from people you know that has unusual subject lines, content, or links. Also, if the email says it is from you, that is another red flag.
  • Did you request information from the company? If not, that is another sign to watch out for. Beware of all unsolicited email.
  • Look at the subject. Does it make sense? Is it information you have requested or are expecting? Common phishing email subject lines include the words:
    • Fed Ex
    • Taxes
    • Invoices
  • Does the email contain incorrect spelling or grammar?
  • Check for links in the email but don’t click on them!  If you think it may be legitimate, either call the business or go to their website by typing in the URL in the browser.  Do not click on any links or shortcuts the email provides.
  • Is there a sense of urgency?  Does the author tell you that you must do something by a certain time or that your account has been locked or disabled?  Another red flag. 
  • Are there threats?  Click here or else?
  • Beware of offers that seem too good to be true.
  • The biggest red flag is any email that is requesting personal information such as social security number, account number, or password via email or that prompts you to click a link and enter the information.  Valid businesses will not ask for this information via email.
  • Watch for attachments that you are not expecting, even if they appear to be from someone you know. Be cautious about opening attachments and downloading files from emails, regardless of who sent them. These files can contain viruses or other malware that can weaken your computer's security.
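
For a help desk or mail team that triages reported messages, several of the checks above can be applied automatically. The Python sketch below is an added example, not part of the original page; the phrase lists and the sample message are constructed assumptions, and a match is a hint for a human reviewer, not a verdict.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Subject words from the checklist, plus constructed phrase lists (assumptions).
SUBJECT_WORDS = ("fed ex", "fedex", "taxes", "invoice")
URGENCY = ("immediately", "within 24 hours", "account has been locked",
           "account has been disabled", "or else")
PERSONAL_INFO = ("social security number", "account number", "password")
LINK_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def red_flags(raw_message):
    """Return the checklist items that a raw email message trips."""
    msg = message_from_string(raw_message)
    flags = []
    sender = parseaddr(msg.get("From", ""))[1].lower()
    recipient = parseaddr(msg.get("To", ""))[1].lower()
    if sender and sender == recipient:
        flags.append("email claims to be from you")
    subject = (msg.get("Subject") or "").lower()
    if any(w in subject for w in SUBJECT_WORDS):
        flags.append("common phishing subject word")
    body, attachments = "", []
    for part in msg.walk():
        if part.get_filename():
            attachments.append(part.get_filename())
        elif part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            body += payload.decode(part.get_content_charset() or "utf-8", "replace")
    text = body.lower()
    if LINK_RE.search(body):
        flags.append("contains links (do not click)")
    if any(p in text for p in URGENCY):
        flags.append("urgency or threat")
    if any(p in text for p in PERSONAL_INFO):
        flags.append("asks for personal information")
    if attachments:
        flags.append("attachment: " + ", ".join(attachments))
    return flags

# Constructed sample message (example.com addresses, not a real email).
SAMPLE = """\
From: "Billing" <pat@example.com>
To: pat@example.com
Subject: Overdue Invoices - action required

Your account has been locked. Confirm your password at
http://billing.example.net/login within 24 hours.
"""
```

Calling red_flags(SAMPLE) returns the list of checklist items the constructed message trips; an ordinary message with none of these signs returns an empty list.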

What to do with phishing emails?

  • Delete phishing email! 
  • Report phishing emails to appropriate authorities immediately!
  • If you have been tricked by a phishing email, file a report with the Federal Trade Commission at www.ftc.gov/complaint.
  • If you are concerned about an account, call the business at a known good number such as on your statement and report the incident.