What is Phishing?
How to safely report e-mail
Phishing is the attempt to gain sensitive information through deceptive means via email. Malicious actors send emails posing to lure you into giving up secure information such as your password. Some attempts can be entirely convincing with logos or disclaimers are taken from legitimate websites. Before you click on any link inside an email, take a moment to consider its validity. There are several things you can look for to determine if a request is a phishing scam
Common attributes of phishing messages:
- The message may appear to come from a local source (e.g. UNTHSC) or local businesses (e.g. Wells Fargo Bank). The most frequently seen examples appear to be notices about email account suspension that require users to enter their user name and passwords into an online form to maintain access to their account.
- The message may use legitimate-looking corporate or organizational logos, idioms, disclaimers, or copyright information. It can appear to be amazon.com gift certificates, UPS or FedEX shipping notices, messages from the IRS, and fake fraud alerts from credit cards, PayPal, etc.
- The messages will likely lead to content hosted on sites that are different from the apparent origin of the message. For example, a message appearing to be from the “UNTHSC System Email Administrator” asking you to log into an account will link to a login form hosted on Google Docs.
- The message may include current events to add an air of legitimacy and to play on the phishing target’s emotions. Many of these targeted messages lead to a fake charity or donation sites.
- The message may include implausible business opportunities. For example, fake lottery winner announcements, fake job placements, work visa lottery scams, and fake business opportunities.
- The message requires that something is done immediately, such as “within the next 24 hours”.
- The message requests UNTHSC information from a site that’s not affiliated with a UNTHSC institution.
- The message contains a request for any sensitive information.
- The message contains simple and recurring misspellings or grammatical errors.
- The message contains URLs (links) in the message body that do not match what is shown in the email address or footer.