What to do about Phishing?
What is Phishing?
Phishing is fraudulent email designed to get you to click a link and provide sensitive information (like a username and password or personal information) These emails are common and often appear to be from a legitimate source. They may even appear to have company branding and logos in the message to make them appear more legitimate.
Why does it happen?
Phishing is a form of hacking called social engineering that's designed to get sensitive information from a legitimate source. It's often used when hacking on a technical level would be difficult and relies on social tactics to gather information that's not publicly available.
How do I know if a message is phishing or legitimate?
Phishing is carefully designed to appear to be legitimate email, identifying it can, at times, be difficult. Please keep the following in mind when evaluating a message:
- Trent IT will never send you a message containing a link outside of Qualtrics surveys.
- Phishing messages generally refer to an urgent need - the impending deletion of your account, or a quota usage. Trent IT does not communicate this information in this manor.
- Phishing messages generally contain spelling or grammatical errors.
- For more tips on identifying phishing messages please see https://blog.returnpath.com/10-tips-on-how-to-identify-a-phishing-or-spoofing-email-v2/
What should I do if I get a phishing message?
Phishing is generally benign until a link is clicked. The object of a phishing attack is to gather information and phishing messages are usually distributed to thousands of recipients. If you receive a phishing message:
- Open your web browser and check the IT Twitter feed at https://twitter.com/trent_it. New phishing attacks will be posted on the Trent IT Twitter feed.
- If the phishing message is listed on the IT twitter feed, please do NOT forward the message to email@example.com - A side effect of phishing is the added expense of time needed to reply to reports by well intentioned users. In 2016 alone, Trent IT estimated it replied to over 700 reports of phishing emails.
- If a notification on the IT Twitter feed is not present, please forward the message to firstname.lastname@example.org
- Delete the message
What should I do if I've clicked a phishing link, and provided details to a fake website?
- If you have clicked the link or provided details to a website you feel may not be legitimate please contact the IT service desk by phone at 705-748-1010
- Professor Emeriti