About Phishing
- What Is Phishing?
- Phishing emails, Vishing - via voice communication, and Smishing - via text messages, depending on your awareness and response, can put your personal information, and the organization's systems and data at risk. Spam email is unsolicited email messages sent to a large number of email addresses. Phishing is the fraudulent practice of sending emails, texts, or phone calls that look like they are from official sources, reputable organizations and business, and trusted contacts in order to get you to reveal personal information, passwords, and financial information .
- The human factor is what makes phishing a top method in committing cybercrime. Phishing can't always be detected by antivirus software and attackers don't need to infect your device when they can successfully deceive individuals to willingly provide personal, sensitive information or credentials.
- Phishing is the most common method used in spreading ransomware attacks, this can include clicking links, attachments, downloads, website popup's, advertisements, or providing sensitive information, account or financial information.
What to know and do
- Know that many hackers use email addresses and domains similar to those used by official entities, trusted sources and contacts; these slight address and domain variations can sometimes be easy to miss at a quick glance.
- Look for Domain similarities:
- Examine the domain (the part after the @). Scammers may use look alike domains, such as "micros0ft.com" instead of "microsoft.com".
- Check a sender's email address:
- Hover over the sender's display name with your cursor over to see the actual email address. Scammers often use familiar names but send from different addresses.
- Look for red flags: Always be cautious of urgent language, threats, or promises of reward, momentary or financial gain.
- Always be wary of requests anytime personal information, logins, pins, or credentials are being asked for, as well as financial details or action to pay, purchase, or transfer money,,
- Never click on unknown email attachments or links; this includes unexpected calls, texts or email from a trusted personal contact, institution, or business. To help verify if what you received is legitimate:
- Contact the source directly using a different channel with a verified phone number, or email address to confirm authenticity.
- If the source claims to represent a bank, government agency, or an organization or business you already do business with, do not respond. Go to the official organization's website and contact them using verified contact information.
- Inspect the website URL by looking at the URL displayed in the web browser address bar.
- Check for HTTPS: Ensure the website uses "https://" (not http) for secure connections.
- Examine the URL Structure: Be cautious of URLs with slight misspellings or unusual characters. Scammers often create fake sites that mimic legitimate ones.
- Recognize the signs of phishing and continue to stay informed about new phishing tactics.
- Learn Safe Computing Practices and Tips
- Learn about common Phishing attacks and how to protect against them
What to do if you receive a suspected Phishing email
Metro State University will never ask for sensitive data via email (passwords, verification codes, credit card numbers, etc.).
- If you think an email is suspicious, please Report Phishing Email and Classify Junk / Non-Junk Email.
- Do NOT reply to email or click on any links or attachments contained within the email.
- Remain vigilant and be suspicious of any email that you receive regarding the need for you to provide information, or perform a task you are not familiar with.