Information Technology News


Security Awareness: Don’t Take the Bait

By Mark Hine on May 22, 2015
  • Phishing is an illicit attempt to gain personal information which poses as a legitimate request.
  • Emails and websites can be made to appear legitimate but often contain clues to their true origin.
  • Never send confidential information (passwords, credit card info, social security numbers, etc.) via email.
  • Assess the reasoning for the information request. Consider a phone call to verify authenticity.
  • If you do accidentally respond to a phishing scam, contact ITS right away.

Phishing is a type of social engineering that lures individuals by making what appear to be legitimate requests for personal data. Most often by email, criminals pose as trusted sources (like your employer) to trick you into providing a password or account number, then use this information to cause harm. A second form of phishing uses links embedded in an email that take you to websites that install malicious code, such as malware, on your device.

According to experts, 156 million phishing emails are sent globally every day and 10% of those make it through filters. Shockingly, eight million messages are opened and 800,000 fraudulent links are clicked. Often, the emails are convincing. Other times, emails contain misspellings, poor grammar and odd formatting – clues that the request is not on the level.

Consider the information being asked and the source of the email. Links can be spoofed (made to appear like they come from a legitimate source). Logos and familiar icons can make an email or website appear to be genuine. Usually, subtle differences are visible that indicate this type of deception. It pays to be diligent and verify the authenticity of any request with a phone call.

Colgate University, and any legitimate commercial enterprise, will NEVER ask you for your password. Hover over links and check their true destination in the status bar (bottom of your web browser). Verify links on a web page in the same manner. Check the web address in the address bar. Pay close attention to the domain suffix (.com, .org, etc.). Does it originate unexpectedly from a foreign country (.ru, .cn, .tw)? Many phishing scams originate abroad.

Consider what is being asked of you. Is it reasonable or something you requested? Be wary of offers that seem too good to be true – they usually are. Immediately delete suspect emails.

Report all phishing emails to ITS and let ITS know if you clicked on the link.
For more information, visit: https://www.fdic.gov/consumers/consumer/alerts/phishing.html

For more information, contact the ITS Help Desk at extension 7111 or email ITSHelp@colgate.edu.

Contributors: Ellen Holm, Ahmad Khazaee, Kevin Lynch and Mark Hine.

