Phishing Overview

About Phishing

• What Is Phishing?
• Phishing emails, Vishing - via voice communication, and Smishing - via text messages, depending on your awareness and response, can put your personal information, and the organization's systems and data at risk.  Spam email is unsolicited email messages sent to a large number of email addresses. Phishing is the fraudulent practice of sending emails, texts, or phone calls that look like they are from reputable companies or trusted contacts in order to get you to reveal personal information like as passwords, credit card numbers, etc.
• The human factor is what makes phishing a top method in committing cybercrime. Phishing can't always be detected by antivirus software and attackers don't need to infect your computer when they can successfully deceive individuals to willingly provide personal and sensitive information.
• Phishing is the most common method used in spreading ransomware attacks, this can include clicking links, attachments, downloads, website popup's, advertisements, or providing sensitive information, account or financial information.

What to know and do

• Only respond to known senders.
• Know that many hackers use email addresses similar to those used by official entities or trusted partners.
• Be wary of fake unsubscribe messages
• Never click on unknown email or text attachments or links; this includes unexpected calls, texts or email from a trusted personal contact, institution, or business. To help verify if what you received is legitimate:
  • independently initiate in a separate communication using known personal contact information you have or gained from officially posted means of contact for an entity. Use caution and think before you click.
  • If they claim to represent a bank, government agency, organization or business you already do business with, do not respond. Go to the official website of the organization and contact them using officially posted contact information.
• Recognize the signs of phishing and continue to stay informed about new phishing tactics.
• Learn Safe Computing Practices and Tips
• Learn about common Phishing attacks and how to protect against them

Know Common Indicators of Phishing:

• Unsolicited Emails coming from a non-metrostate address such as @gmail.com, @hotmail.com, or an outside source.
• Unfamiliar greeting or tone
• Grammar and spelling errors, inconsistencies in email addresses, links, etc.
• Phishing may involve:
  • unsolicited phone calls, texts, visits, or email asking for personal or sensitive information, or internal information about individuals, employees or the organization
  • asking you to use a specific form of payment or asking for financial information, including:
    • Payment apps, Gift card purchase, Wire transfers, Banking or Financial account/credit card information 
• Email subject may be short, suspicious, or convey urgency - such as:
  • Subject: Urgent
  • Subject: Are you available 
  • Subject: Follow up 
  • Subject: Overdue

What to do if you receive a suspected Phishing email

Metro State University will never ask for sensitive data via email (passwords, verification codes, credit card numbers, etc.).

• If you think an email is suspicious, please Report Phishing Email and Classify Junk / Non-Junk Email.
• Do NOT reply to email or click on any links or attachments contained within the email.
• Remain vigilant and be suspicious of any email that you receive regarding the need for you to provide information, or perform a task you are not familiar with.