Connecticut State Colleges & Universities
IT Support Center

Information Security Education and Awareness

Phishing


Overview

Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.

What to look for in a phishing email

  • Generic greeting.
    Phishing emails are usually sent in large batches. To save time, Internet criminals use generic names like "First Generic Bank Customer" so they don't have to type all recipients' names out and send emails one-by-one. If you don't see your name, be suspicious.
  • Forged link.
    Even if a link has a name you recognize somewhere in it, it doesn't mean it links to the real organization. Roll your mouse over the link and see if it matches what appears in the email. If there is a discrepancy, don't click on the link. Also, websites where it is safe to enter personal information begin with "https" — the "s" stands for secure. If you don't see "https" do not proceed.
  • Requests personal information.
    The point of sending phishing email is to trick you into providing your personal information. If you receive an email requesting your personal information, it is probably a phishing attempt.
  • Sense of urgency.
    Internet criminals want you to provide your personal information now. They do this by making you think something has happened that requires you to act fast. The faster they get your information, the faster they can move on to another victim.

  • Spear Phishing

    Phishing attacks directed at specific individuals, roles, or organizations are referred to as "spear phishing". Since these attacks are so pointed, attackers may go to great lengths to gather specific personal or institutional information in the hope of making the attack more believable and increasing the likelihood of its success.

    The best defense against spear phishing is to carefully, securely discard information (i.e., using a cross-cut shredder) that could be used in such an attack. Further, be aware of data that may be relatively easily obtainable (e.g., your title at work, your favorite places, or where you bank), and think before acting on seemingly random requests via email or phone.


    How do you avoid being a victim

    https://staysafeonline.org/stay-safe-online/keep-a-clean-machine/spam-and-phishing

    https://www.consumer.ftc.gov/articles/0003-phishing

    To report Phishing attempts contact:

    http://supportcenter.ct.edu/Service/Phishing.asp