Phishing Scams
What is Phishing?
Phishing is when internet attackers impersonate someone or something you know to get you to disclose sensitive information, such as your password or credit card details. Anything from your bank routing information to learning if you have an account with a particular service are all valuable to the criminal. While not every unsolicited email is a phishing attack, it should be inspected for other suspicious elements that may help you identify if it's legitimate or not. A good rule of thumb is to ignore and delete the email if it has two or more of the following suspicious elements.
Types of Phishing Emails
- Emails tagged as malware have been identified to contain a link or an attachment that directs your machine to install malicious software. Generally, malicious software can delete or steal personal information, slow down your computer, encrypt your files and hold them for ransom, or display unwanted advertisements.
- Spear Phishing email messages are more targeted and personalized in order to increase chances of fooling recipients, spear phishing attacks use publicly available information to impersonate target's friends, relatives, coworkers, and other trusted contacts. The attacker will gather information about you through your social media accounts or through your employer's webpage.
- Tip: Do a web search for your name and see what results are returned. Is there any information you're not comfortable being public? Attackers can use this information to customize a phishing message for you to make it appear more legitimate.
- Part-Time Job Scams often target college students or alumni who may be searching for job opportunities. These scams are fake job offers that are usually too good to be true, offering high wages for little work. Be wary of any unsolicited emails with this characteristic, especially ones that send a check prior to you beginning any work. The scammer often will request you to wire a portion of the check back to them, and you will lose that amount of money.
- Extortion is a type of scam where someone threatens, coerces, or blackmails the victim into providing a form of payment or service through various methods of manipulation.
Signs of Phishing Messages
Unsolicited. Don't trust emails you weren't expecting to receive that ask for information.
Too good to be true. If it sounds too good to be true, it probably is. Part-time job scams often offer to pay an exorbitant amount of money for a simple task.
Asking for personal or financial information. Don't reply to emails requesting this information, report them.
Deceptive web links. Hover your mouse on the hyperlink to view its true destination. If you don't recognize it, don't click it.
Variations of legitimate addresses. For example, an email address ending in @ohio-edu.org instead of @ohio.edu.
Fake sender's address. Click the sender's name to view their email address.
Requesting urgency. The attacker wants you to act quickly so you don't notice the email is suspicious.
Fraudulent sites often don't start with https (the s stands for secure). Never sign into websites that aren't using https.
Misspelled words and bad grammar. A legitimate email would proofread and fix these errors before sending.
- Visit The Phish Bowl to view current phishing emails received by the university community.
What to do
To report a phish or ask for assistance in determining legitimacy, forward the email as an attachment to security@ohio.edu. You can learn how to forward as an attachment here.
For additional information in identifying malicious emails, visit StaySafeOnline for a wide variety of educational resources to learn how to protect yourself, your family, and your devices.