What is Phishing?
Want to Learn About Spear Phishing Emails?
Check out this 2:28 minute training video on email phishing and how to protect your personal information and the campus data security.
Phishing is a method of trying to gather personal information using deceptive e-mails and websites.Spear phishers distribute malware in emails or breach your account to steal personal and organization information. 91% of data security breaches start with an email attack.
These attacks are easier to spot once you know what to look for. Be on the lookout for the following indicators of a malicious email:
- Email is from a sender you don't recognize
- Message is unexpected or unsolicited
- Sender's organization name doesn't match the email address domain
- Subject of the email uses emotional topics, urgent deadlines for response, too-good-to-be-true claims, or tries to scare you
- Contains spelling or grammar mistakes
- Asks you to download an attachment, enter personal information such as a password or social security number
Phishing vs. Spam
Spam is not the same thing as a phishing email. Spam is unsolicited commercial email, often delivered to a large number of individuals. Phishing is an active attempt to get you to click a dangerous link, download a file infected with malware, or enter personal information such as passwords or social security numbers. Spam can blocked or deleted, but phishing emails should be reported.
What Can You Do?
Preview emails in Outlook before opening and look for these three elements:
When an attachment comes from someone you don't know or if you weren't expecting the file, make sure it's legitimate before opening it.
Spear phishers will often forge log-in pages to look exactly like the real thing in order to steal your credentials.
Roll your mouse pointer over the link and see if the URL that pops up matches what's in the email message. If they don't match, don't click.
If you see something that looks off, don't open or click the message. Contact the OIT Technology Support Desk at email@example.com and report the email. You can also use the PhishMe Report Phishing button in newer versions of Outlook to submit a suspected phishing attempt to OIT. Even if you aren't sure, contact OIT to check it out. Better safe than sorry.
Check Out Our Recent Phishing Educational Campaign
This phishing email was sent to campus in April as an educational campaign. It relied on curiosity to prompt viewers into clicking the active link. If this had been a real phishing attempt, clicking the link could have stolen personal data from the viewer, or uploaded malware into the campus network. Always stop and think before clicking a link, and always contact OIT if you suspect a phishing attempt.
Contact the OIT Technology Support Desk at firstname.lastname@example.org and report the email.
To learn more about the Stanislaus State CoFense Email Security Initiative: CoFense Implementation Plan Summary May 2018.pdf