Phishing is a common method of trying to gain personal information by using deceptive e-mails and websites.
Here's what you need to know about this type of cyber attack.
Phishing is a type of cyber attack that bad actors (hackers) use to lure users into providing their information. The goal is to trick the recipient of the email into believing that the message is legitimate — a request from their bank, for instance, or a note from someone in their company — and to click a link or download an attachment.
Below is an example of a real phishing attack:
What to Look for in a Phishing Email:
- Attachments and links: Be wary of any unexpected email attachments or links, even from people you know.
- Emails sent with coworkers’ names but non-USA.edu addresses. Many of the recent attacks are being sent by senders using the same names as Executive Leadership but from non-descript, non-USA.edu addresses. Double check with your co-worker that they have sent you an email from a personal account before replying.
- Requests for you to either buy goods, services, gift cards or transmit sensitive personal or institutional financial data.
- Senders you don’t recognize: If the sender is someone you do not recognize, chances are the email is either spam or phishing. Hover over email names to see the sender’s address if the email contents look odd. Closely examine the sender’s email domain for incorrect addresses (e.g., @usa.edu is correct; @usafhs.edu is fake).
- Requests for passwords or other private information: Ignore commands and requests for action and never send sensitive information in an email. Password-protect any confidential information that must be sent through email.
- URLs don’t match: Hover over links in email messages to verify the actual destination, even if the link comes from a trusted source.
- Missing a lock icon or other security identifier: Look for “https://” and a lock icon in the address bar before entering any private or sensitive information. (An easy way to remember is the “s” in “https” stands for secure).
- Tone and grammar: Be suspicious of messages with grammatical or spelling errors, or urgent or threatening language or tone. Be skeptical of emails requesting transfer of funds or information.
- The URL in the link sends you to a non-USA domain.
- The message implies that your account will be deactivated if you do not supply the requested information.
- The message includes non-standard capitalization and missing punctuation.
- The message lacks a greeting.