Phishing is a technique identity thieves use to steal your personal information, usually passwords or financial information. Like a fisherman using a lure to hook a fish, identity thieves try to lure you into giving up personal information by making what looks like a legitimate request from an organization you trust. These might look like they are from a bank, credit card company, or even Assumption College. Unfortunately, phishing scams can be highly effective.
Phishing can be very easy to spot or it can be surprisingly subtle: when you receive an email with lots of misspellings or from an institution you don't do business with, it is easy to recognize the message as a scam. However, sophisticated phishing attempts use emails and phone calls that are crafted to look and sound like an official message from your bank, credit card company, or Assumption College
Phishing messages typically have links that look like they will send you to a legitimate site, but instead send you to a copy designed to steal your personal information. To be safe, do not click on links in the email; if you think the message is valid, visit the website by typing the web address directly into your browser's address bar. To verify the link destination, hover your cursor over the link. If it looks suspicious, don't click!
Banks, stores, credit cards and Assumption College all recognize the danger phishing poses. Because of this, these institutions make it a practice never to ask for sensitive information to be sent by email. Any emails asking you to "update an account" or reset a password by including sensitive information in an email should be deleted immediately.
Remember: Assumption College will NEVER ask you to send your password over email.
How do I Spot a Phishing Attempt?
1. Look at the actual email address the message was sent from
Most people do not take the time to check the actual address an email came from, but checking the email address can be the easiest and most effective way to spot a phishing scam. To trick you, phishing scammers will either alter the display name, leaving their actual address, or may even have stolen the identity of someone you know.
A bank, store, or even Assumption will never send you email correspondence from a Hotmail account, for example. So an email that was sent from email@example.com is very likely a phishing attempt.
2. Check for spelling and grammar mistakes
If the message is badly spelled or uses poor grammar, this is a major sign of a likely phishing attempt
3. Generic greetings can indicate phishing attempts
Not every email with a generic greeting, such as “Dear User,” is a phishing attempt. But a generic greeting it is a great first sign that the email may be fraudulent. Most major companies that correspond through email (eBay, PayPal, Amazon, etc) have learned to start legitimate emails by greeting you with your name or some kind of identifying information.
If an email is not addressed specifically to you, but it's asking for specific information about you, check for other tell-tale signs.
4. Hover over links
Sometimes a phishing email will ask you to click on a link to provide information, to update an account, or to take you to a particular web page. Sometimes, the link in the email looks correct and legitimate. However, a link may look like it's taking you to a safe web site, when in reality, it's taking you somewhere dangerous.
Most modern email programs and web browsers (for those checking email through webmail) have a built-in feature that allows you to hover over a link to see where it's really going to take you. Simply move your cursor over the link, without clicking on the link, and wait a few seconds. Your email application or your browser will show you the real link web address. If you don't recognize the web site that a link will actually take you to, simply delete the phishing email.
5. Recognize emails that come from an organization or company you're not affiliated with
If you do not have an account with Wells Fargo, but you receive an email from Wells Fargo asking you to update your account details, it is a safe bet to assume this is a phishing attempt. These are usually the easiest phishing attempts for people to spot.
6. Is the message asking you to take immediate action?
Sometimes phishing messages insist that you must provide account information, including passwords, in order to increase your email allocation, or keep your account from expiring, or receive a pay increase, or other transaction. No legitimate business or organization will do this. If you are concerned, call the person or organization who purportedly sent the message to verify. But DO NOT provide your personal account information in reply to the email.
First and foremost, do not click any links or reply back to the email. In most cases, just receiving a phishing email doesn't put you in danger. When you spot a phishing email, you can simply delete it.
If you receive a phishing email claiming to be from Assumption College, you can simply delete it, or you can inform IT&MS by emailing firstname.lastname@example.org. (Note: your email could be returned as undeliverable if it is already recognized as spam or is a known phishing attempt. In that case simply delete the message.)
If you receive a phishing email in a personal email account, you can report it by forwarding phishing emails to the company, bank, or organization impersonated in the phishing email. You can also report phishing emails to the Anti-Phishing Working Group at email@example.com or to the United States Computer Emergency Readiness Team (US-CERT)
Train yourself not to respond to unsolicited emails or phone calls that request sensitive information, no matter how convincing they may sound or how well you think you know the sender.
NEVER send sensitive data over email, especially these types of information:
- Passwords and other account information
- Social Security Numbers
- Financial information (credit card numbers, bank account numbers, etc.)
- Any information you've used for a password reset question
REMEMBER: Assumption College will never ask you to send your password or update account information over email.