Don’t get Hooked by Phishing Scams

Silas Vieira

June 6, 2019

If you need to report a scam or suspect you have been phished, please contact the Information Security Office by filling out a contact form or by submitting an email to [email protected]. Please preserve the original mail headers by forwarding or sending the email as an attachment.

Phishing occurs when a person (the phisher) sends some form of unsolicited communication in order to trick a victim. It is called phishing because these communications are baited “hooks” that try to make individuals take some sort of action that will benefit the phisher, whether that be clicking on a link or disclosing sensitive information.

Usually the communication is email, but it can also be social media posts, phone calls, texts, etc. Phishers use many different tricks to lure victims and make them more likely to perform the desired action – from pretending to be a trusted entity (your bank, social media companies, a hacked account, etc.) to faking urgency or including a time limit to respond. Bad decisions are often made under pressure, so it is important to take your time with any and all communications.

Don’t take the bait! If you find yourself caught in a phishing attack, remember these five steps:

1. Identify

If an email or phone call seems suspicious, take the time to verify the source of the information. Verify that phone calls are from the companies they claim to be from. Check email addresses, destination links and the message body for incorrect spelling. Use the hover technique on all links to see the URL. Does the message seem urgent or have a time limit? Does the message address you by name, or is the greeting vague and applicable to anyone?

2. Report

If you have identified the message as phishing, reporting it could prevent other users from becoming victims. Malicious sites and specific email addresses can also be blocked. Phishing attempts to UTD emails should be reported immediately to [email protected]. Please attach the suspected email to your message. To forward phishing emails as attachments in Outlook, go to the Home tab, click the arrow for More (just to the right of Forward), and select Forward as an Attachment. This forwards the email including the headers, allowing our Security Analysts to investigate the sender’s address. When these attempts are reported to the Information Security Office, we can block access to the sites trying to steal your information. Additionally, our email administrators can block future messages from the sender. Other phishing scams can be reported to the official business that the phisher pretended to be representing.
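For analysts handling these reports, the following added example (not part of the original post or the Information Security Office's tooling) shows why the attachment matters: it recovers the original message from a report and compares the From domain with Reply-To and Return-Path. The sample report, all addresses and domains, and the function names are constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample: a report with the suspicious mail forwarded as an attachment.
# All addresses and domains are made up for illustration.
REPORT = """\
From: student@university.example
To: security@university.example
Subject: FW: Password expires today
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please review the attached message.
--b1
Content-Type: message/rfc822

From: "IT Help Desk" <helpdesk@university.example>
Reply-To: support@mail-verify.example
Return-Path: <bounce@mail-verify.example>
Subject: Password expires today
Content-Type: text/plain

Your password expires today. Reply to keep access.
--b1--
"""

def original_message(report_text):
    """Return the attached original (message/rfc822 part), or None if forwarded inline."""
    report = email.message_from_string(report_text, policy=policy.default)
    for part in report.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
    return None

def domain(header_value):
    """Domain of the address in a header value, lower-cased ('' if absent)."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()

def sender_findings(msg):
    """Flag Reply-To / Return-Path domains that differ from the visible From domain."""
    shown = domain(msg["From"])
    return [f"{h} domain {domain(msg[h])} differs from From domain {shown}"
            for h in ("Reply-To", "Return-Path")
            if msg[h] and domain(msg[h]) != shown]

if __name__ == "__main__":
    original = original_message(REPORT)
    print(original["From"] if original else "no attached original; headers were lost")
    for finding in sender_findings(original) if original else []:
        print("-", finding)
```

A mismatch is a lead for investigation rather than proof, since mailing lists and bulk-mail services legitimately use different reply and bounce domains.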

3. Avoid Pitfalls

Do not take the action the phishing message is trying to trick you into doing. Don’t respond, click links, download or open attachments. Once you have identified and reported a phishing message, do not delete the message until you are sure the Information Security Office does not need to obtain a copy of the email as evidence.

4. Damage Control

If you think you may have accidentally fallen for a phishing attempt, take the necessary steps to clean up any consequences. If the phishing attack was successful, still report it. Review all financial statements for incorrect charges and dispute charges if necessary. Change your account passwords and scan your computer for malware. Also consider freezing your credit.

5. Prevention

Make regular backups of your important information and your computer. Proactively enable fraud alert services and periodically check your financial accounts and credit report to verify transactions. Refresh your passwords at least once a year to help keep your accounts secure. Most importantly – take the time to do step one – verify the source of all communications before taking action. Review examples of current phishing attacks and contact the Information Security Office at [email protected] for more information.