Cybersecurity Tip - Phishing Emails
What is Phishing?
Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, banks, online payment processors or IT administrators are commonly used to lure unsuspecting public. Phishing emails may contain links to websites that are infected with malware. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.
Tips to identify phishing emails
- Most phishing campaigns want your username and password to be entered into some external website.
- Most phishing emails express urgency and threaten penalties. For example, "Click this link and provide your id and password. Failure to do so within 24 hours will cause your account to be suspended!" ITS will NOT send these types of messages.
- Most phishing emails are very generic. They lack individual signage, phone numbers, institutional graphics, and distinct contact information.
- Most phishing messages pretend to be from someone you know internally but in actuality come from outside of our network. For users with @fairfield.edu emails, if the 'This message came from a sender outside the University' tag exists in the body of the message, the email is from someone outside our organization.
- Most links within a phishing email will really point towards odd external websites. Hover over any email links before clicking. Make sure the website URL makes sense for the request.
- Most phishing emails contain incorrect spelling and odd grammar. Occasionally this is intentional to avoid phishing filters.
Some phishing emails are completely unique, don’t follow any of these rules and appear completely legitimate. It’s important to maintain a healthy skepticism when it comes to your email. If you are ever in doubt forward the message in question to phishing@fairfield.edu. We can examine the message on your behalf.
Why was the phishing email not blocked?
Fairfield University has a variety of safeguards in place combating known viruses and phishing attempts. Millions of threatening emails are stopped before any University employee or student sees them, by design. On occasion, an email will slip through the safeguards. If you receive what you suspect to be a dangerous email, delete it. Cyber security starts with users being informed and continually looking out for anything that seems suspicious.
I think an email I received might be phishing
Use the 'Report Suspicious' button in Outlook, on owa.fairfield.edu or Gmail. If you're not able to use the button please forward the email to phishing@fairfield.edu. After you forward the email to phishing@fairfield.edu, please delete the email and delete it from your deleted items folder as well.
For more information, contact ITSecurity / 4054 / ITSecurity@fairfield.edu