CyberSecurity - What is Phishing?
The purpose of this article is to explain what phishing is.
What is a Phishing attack?
A phish is an email which is made to look as though it’s from a friend, a business or an organization. The email can come from a phony email address that may be only one or two characters different from the real account, or it can come from a real account that has already been compromised.
Among the many entities from which a phish pretends to originate, a phish can be made to look like an official email. In the case of our university, the attacker’s goal would likely be to steal your UW-P account and password. Regardless of the type of phishing email, all attacks will typically link to an outside website and ask you to provide your credentials.
Once attackers possess your credentials and your account is compromised, they can hide their activities by redirecting, deleting or forwarding emails that might otherwise catch your attention. In other words, you will not see any change to your account and will not know that someone else is accessing your information.
What should I look for?
So how do you tell the difference between a phishing message and a legitimate message? Unfortunately, there is no single technique that works in every situation, but there are a number of things that you can look for.
1: Mismatched URLs
Oftentimes the URL in a phishing message will appear to be perfectly valid. However, if you hover your mouse over the top of the URL, you should see the actual hyperlinked address (at least in Outlook). If the hyperlinked address is different from the address that is displayed, the message is probably fraudulent or malicious.
2: Poor spelling and grammar
Bad spelling and grammar are telltale signs of phishing. If a message is filled with poor grammar or spelling mistakes, it probably didn't come from a reputable organization.
3: The message asks for personal information
No matter how official an email message might look, it's always a bad sign if the message asks for personal information. A reputable company should never send an email asking for your password, credit card number, or the answer to a security question.
4: Too good to be true
Remember the old saying, if something seems too good to be true, it probably is. That holds especially true for email messages. If you receive a message from someone unknown to you who is making big promises, the message is probably a scam.
5: I won the lottery!
If you get a message informing you that you have won a contest you did not enter, the message is likely a scam.
6: Asked to send money
Phishing artists will likely ask for money to cover expenses, taxes, fees, or something similar. If that happens, it’s likely a scam.
7: Unrealistic threats
Although most of the phishing scams try to trick people into giving up cash or sensitive information by promising instant riches, some phishing artists use intimidation to scare victims into giving up information. If a message makes unrealistic threats, it's probably a scam.
8: The message appears to be from a government agency
Phishing artists who want to use intimidation don't always pose as a bank. Sometimes they'll send messages claiming to have come from a law enforcement agency, the IRS, the FBI, or just about any other entity that might scare the average law-abiding citizen.
9: Something just doesn't seem right
This principle always applies to email messages. If you receive a message that seems suspicious, it's usually in your best interest to avoid acting on the message.
How can I protect myself?
The simplest way to protect yourself from a phishing attack is by securing your passwords and other personal information.
· Never give your password to anyone.
· Never click on links in emails unless you verify that the sender is who he or she claims to be and acknowledges sending the email.
· If you get a suspicious email and are worried that there may be a real problem with your account, open up a new browser window and go directly to the site and sign in there.
· Don’t panic. If you receive an email that urges you to take immediate action, be cautious and try to verify the source first.