How to Spot a Phisher
- What is phishing?
- How does it spread?
- What does a phisher ask for?
- What does a phisher do with my info?
- How do I protect myself?
- What do I do if I fell victim to a phishing attack?
- Phishing Example
Phishing is a form of social engineering which attempts to acquire sensitive information, such as usernames, passwords, and bank account details by pretending to be from a trusted person or part of a trusted group.
Phishing is typically spread electronically through email, instant messaging or social media websites. It often directs users to disclose private information at a fake website whose look and feel are almost identical to a legitimate one. Phishers may also target individuals through phone calls.
A phishing attack will attempt to have you disclose any of the following private information:
- Your username & password
- Your bank account or card number
- Personally identifiable information, such as your date of birth, social security number or address
- Confidential information (ie – student record or financial information)
A phisher typically uses your account for illegitimate purposes. This may include logging into your email to send spam, accessing confidential data, performing identity theft, or even withdrawing money from your bank account!
Technology Services recommends taking the following precautionary measures to protect yourself against phishing:
- Change your password regularly! View our login information for more details.
- Ask yourself whether you should be sharing the information requested.
- Before clicking on a web link, inspect it.
- When in doubt, delete the message.
If you have disclosed your login or other sensitive information at any time, change your password immediately! Following, notify Trinity ITS for further assessment.
The message below is a phishing attempt received by a Trinity employee. The message, signed by the “IT Department” is requesting to activate the usage of “network services such as email and internet.” Trinity ITS will never ask to activate services, or require your username and password.
This message exhibits the following typical characteristics of a phishing attempt:
- The sender, Irwin Jake, and email address, firstname.lastname@example.org, is not someone the Trinity employee has associations with.
- To: address is blank, or sometimes includes someone else’s name.
- The subject is suspicious, reading Dear Staff,.
- Vague message content with grammatical errors. Trinity ITS proof-reads campus-wide notices prior to distribution and never asks for service activations.
- Hovering the mouse cursor over the suspicious Click Here link reveals a URL not part of the Trinitydc.edu domain.
- Message footer does not comply with Trinity ITS’ email footer.
While not all phishing attempts exhibit the above characteristics, Trinity ITS recommends being mindful of these when handeling electronic communication to safeguard your account and prevent sensitive information from being in the wrong hands.