What is phishing?
It's a lot like regular fishing, except you're the fish. Con artists bait you with legitimate-looking emails to try to obtain your personal information, such as your usernames, passwords, credit card numbers, and Social Security number. They are very good at mimicking legitimate sites and will often use their logos and colors, and even include the business's name in the URL of any links provided in the email. This is an example of an actual phishing email sent to the Help Desk.
So how can I tell if the email is legitimate or not?
Use S.C.U.D. (Sender, Content, URL, Delete) and you can be the “one that got away.”
Sender: Who's it from?
Look at the "From:" address, not the signature of the email. If the email address doesn't look official, don't click on any of the links. Reputable companies have contact information on their website. Contact the company by calling them or emailing them directly.
Content: What are they asking for?
Is there some urgent matter that requires you to enter your username and password before your account is suspended? If so, it's probably not real. Legitimate companies, including the University of Louisiana at Lafayette, will not ask for that information EVER! If they are offering you something that seems too good to be true, it probably is.
URL: Check the link!
Most phishing emails ask you to click on a link, or URL. If anything in the URL doesn’t look right, i.e., the URL ends in something besides .edu, .com, or .org, don’t click on it. Go directly to the company’s website for any information you need. Hover your cursor over the link without clicking. Does the address that displays at the bottom left of your screen or in a box below your cursor look legitimate? Does it contain letters or symbols you are not familiar with? When in doubt, always go directly to the company’s website without using the links in the message.
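For help desk staff who triage reported messages, the same link checks can be run automatically over an email's HTML body. The script below is an added example, not part of the original article; the names check_links and LinkCollector and the sample message are constructed for illustration, and the list of accepted endings is simply the one given above.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

ALLOWED_ENDINGS = (".edu", ".com", ".org")  # the endings named in the article

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_links(html_body):
    """Return [(href, [warnings])] for every web link in the message."""
    collector = LinkCollector()
    collector.feed(html_body)
    report = []
    for href, text in collector.links:
        parts = urlsplit(href)
        if parts.scheme not in ("http", "https"):
            continue  # mailto: and similar have no site address to compare
        host = (parts.hostname or "").lower()
        warnings = []
        # The text shows one site name but the link goes to a different one.
        shown = re.search(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", text.lower())
        if shown and host != shown.group(0) and not host.endswith("." + shown.group(0)):
            warnings.append("visible text does not match destination")
        if not host.endswith(ALLOWED_ENDINGS):
            warnings.append("unusual ending")
        if not host.isascii() or "xn--" in host:
            warnings.append("unfamiliar letters or symbols in address")
        report.append((href, warnings))
    return report

# Constructed sample message (not a real email); all addresses are placeholders.
SAMPLE = """
<a href="https://helpdesk.example.edu/reset">helpdesk.example.edu</a>
<a href="http://helpdesk.example.edu.account-verify.invalid/login">helpdesk.example.edu</a>
<a href="http://xn--exmple-constructed.com/login">Click here to keep your account</a>
"""
```

Calling check_links(SAMPLE) returns one entry per link; the second sample link shows how a trusted name at the start of an address says nothing about where the link actually ends up.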
Delete: When in doubt, report it and delete it!
Reputable companies are constantly battling phishing attacks and SPAMmers. (We’ll cover SPAM in another article.) They are not going to intentionally send you something that resembles what they are fighting against. The best way to keep from falling victim to an attack is to report the suspected email to the University Security Team - firstname.lastname@example.org, and delete it – REPORT IT and DELETE IT!
Uh-oh! I think I might be a victim of phishing. What do I do?!
If you gave out any credit card or bank account information or your username and password, don’t panic. The sooner you contact the right people, the less damage the attacker can do to your information. People to contact:
- Credit Card and/or Bank Information – The financial institution that owns the information
- User Account Information – The people that manage your account information