Phishing is an attempt to trick you into revealing private information. Emails, texts, or phone calls can “fish” for information by trying to lure you into giving passwords, credit card numbers, etc., to a malicious third party. Report suspicious emails and phishing scams to firstname.lastname@example.org
- Legitimate companies do not ask for personal info via email or text.
- Messages may appear to be from organizations you do business with.
- Sense of urgency: Messages may include threatening statements to close an account if you fail to respond, often indicating that such threats will be executed “immediately.”
- Obvious grammatical errors, spelling errors, and strange word choices. Messages from legitimate companies are usually written by professional communicators who won’t make such errors.
Sample phishing email:
Date: Thursday, March 8, 2010 01:38:48 -0500From: WEBMAIL SERVICEDESK <email@example.com>1
To: Undisclosed Recipients
Subject: UPGRADE ACCOUNT QUOTA
Attn: Staff and Student: 2
This message from the educational webmaster is to remind you of the upgrade to your mailboxes coming soon. The webmail account team will be moving our data base and we need to confirm you are still a student.
We are deleting all of the unused accounts (wsu.edu) to create more space. If your account isn’t responding to us it will be permantently3 deleted. We have been sending this message to all of our wsu.edu webmail account owners so it is the last notice/verification for you.4
Confirm your account information below:
Email Account Username: ___________5
Or visit http://wsu.webformsonline.tt/surveys/0fisa09ls6 and complete the questions there.
Warning: This message was authorized7 by the webmail account team and is confidential.
Do not forward!
- Sender’s email address: Official WSU communications will always be sent from a wsu.edu address. However be cautious, just because it does come from a wsu.edu address does not guarantee that it is legit either.
- Impersonal or awkward greeting: Most phishing emails do NOT refer to the recipient by name.
- Spelling: Official emails should not have spelling or grammatical mistakes.
- Ultimatum: Urgent warning attempts to scare you into responding quickly and without thought.
- WSU will never ask for your password or other personal information via email.
- Bogus URL: Official WSU websites will always end in wsu.edu. Website URLs are easily obscured. DO NOT click. Instead, hover over the link to verify destination URL.
- Security disclaimer: This does not mean the message is genuine.
- No signature or contact info: Official WSU business will always include WSU phone, email, and web address.
- If you think the message might be legitimate, or if you’re worried about the consequences of ignoring it, look up the organization independently and contact them directly.
- Do not click on links or call phone numbers provided in the message. They may redirect you to fake sites that mimic the real thing.
- Do not send your password via email.
- Only sign in if you are 100% sure you are on the real site.
- Report suspicious emails and phishing scams to firstname.lastname@example.org.