Phishing refers to sending an email that tricks a person into clicking on a link or opening an attachment. The goal of phishing is to steal information, such as usernames and passwords.
Phishing email messages ask you to send or “confirm” sensitive information like your login ID and passphra se, bank or credit account numbers, and PINs. They often threaten to close your account. These scams sometimes ask the reader to visit a website to provide this information. The messages often appear to come from an organization you trust.
TIP: Florida Poly will never ask you for your password via email, telephone or a non-campus website.
Clicking the link exposes the user to malicious code which may install malware on their computer. Once installed, malware provides an attacker access to files and passwords on the computer.
Clicking on links in phishing emails or entering your username and password on malicious websites, can put your information at risk – this includes not only University’s data but also your personal data. Through phishing emails, attackers can gain access to confidential University information, steal money from your bank accounts, and steal your identity.
Phishing scams can cause huge problems for the people who respond, and for their organizations (e.g., universities and businesses). Thieves can use the information they get to send spam, open credit card or bank accounts in your name, change passphrases to lock you out of your accounts, and commit other forms of identity theft.
Think before you reply! Sharing sensitive information with phishers can cost you hundreds of dollars and hours of time.
There is very little risk in simply opening emails. In almost all cases, opening an email will not result in compromise.
The risk is in clicking on links or opening attachments. Attackers can email you infected attachments that install malicious software, commonly referred to as malware. Clicking on a link in an email can take you to a website which steals login information or install malware on your machine without your knowledge.
Never reply to messages that request sensitive information. Do not click on links, reply to the message, or call phone numbers provided within the message. Don’t forward the message to friends, family or co-workers.
If you think a message is legitimate, find a phone number in your other correspondence with them, and call to ask them about the email message.
Simple phishing emails are often poorly written. If the content of the email doesn’t line up with what you’d expect from the sender, beware.
Move your mouse over any link in an email, without clicking on the link. You will see the address where the link will actually take you. If the two are different, beware.
Is the email claiming that you were charged an extraordinary amount on your cell phone bill, or telling you your email account has been suspended? Be careful – the link is most likely malicious.
Is an email starting with “Dear Customer” but not including your real name? Chances are the fraudster doesn’t even know who this email account belongs to. Don’t click.
Click wisely. Click only links and files that are expected, and only from people you trust. Out-of-character or suspicious emails that appear to come from a colleague may be phishing. If you aren’t sure, don’t risk the click. Review an email from this most recent phishing attack to spot the signs of phishing.
