How to Detect Phishing Attacks
Telling the difference between a legitimate email, instant message or popup and a fraudulent one is not easy. If you receive any email or other message on your computer requesting personal information (such as an account name, password, date of birth, or social security number), please review the following information before continuing any further.
Colby Information Technology Services (ITS) will NEVER ask for your personal information over email. Furthermore, you should always avoid sending any personal information via email.
What is fraudulent or ‘phishing’ email?
“Phishing is a type of online scam that targets consumers by sending them an e-mail that appears to be from a well-known source – an internet service provider, a bank, or a mortgage company, for example. It asks the consumer to provide personal identifying information. Then a scammer uses the information to open new accounts, or invade the consumer’s existing accounts.” (www.ftc.gov)
Job Scams
Email is another medium for job scams. Scammers may advertise jobs with payouts that are too good to be true. These scams make claims of having jobs where you can make thousands of dollars a month working from home with little time and effort.
What to do if you receive email you suspect is fraudulent?
Delete it. These emails are generated by the same computers that bring spam to your inbox on a daily basis.
Call the person who sent it and ask if they really sent it. Never click on a link in a fraudulent email or message—it may make matters worse by introducing viruses to your computer.
Common methods of identifying fraudulent or ‘phishing’ email:
- Claiming to be from a company or vendor that you do not have an account with
- Spelling or grammatical errors in the subject line or text
- Vague references in the subject line or text, such as ‘RE: Your Account’ or ‘Dear Valued Customer’—if they know you have an account, they should know who you are
- Requests for unnecessary or irrelevant information (such as a date of birth)
- URL/website links within the message that point to an unnamed host (a direct IP address, e.g. http://10.42.107.92) or to a manipulated or invalid host name (the name does not match the vendor’s or has been manipulated)
- A sense of unexpected urgency in the request
- The sender claiming they are unable to talk on the phone or in person
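The link and greeting indicators from the list above can also be checked automatically. The following Python sketch is an added example, not a Colby ITS tool; the function names, the sample message and the example-bank.test domain are constructed for illustration, and only plain-text messages are handled.

```python
import ipaddress
import re
from email import message_from_string
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)
# Vague phrases quoted in the list above.
VAGUE_RE = re.compile(r"dear valued customer|re: your account", re.I)

def host_is_ip(host):
    """True when the link host is a bare IP address instead of a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def host_matches(host, domain):
    """True only for the vendor domain itself or a real subdomain of it."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

def phishing_indicators(raw_email, vendor_domain):
    """Return the indicators found in one plain-text message.
    vendor_domain is the domain the reader knows the vendor uses."""
    msg = message_from_string(raw_email)
    body = msg.get_payload()
    found = []
    if VAGUE_RE.search(msg.get("Subject", "") + "\n" + body):
        found.append("vague greeting or subject")
    for url in URL_RE.findall(body):
        host = urlsplit(url).hostname or ""
        if host_is_ip(host):
            found.append("link to direct IP address: " + host)
        elif not host_matches(host, vendor_domain):
            # Catches names that merely start with the vendor's name.
            found.append("link host does not match vendor: " + host)
    return found

# Constructed sample message (not a real email).
SAMPLE = """From: Example Bank <alerts@example-bank.test>
Subject: RE: Your Account

Dear Valued Customer,
Confirm your date of birth at http://10.42.107.92/login today.
Details: https://example-bank.test.account-verify.example/info
"""

if __name__ == "__main__":
    for line in phishing_indicators(SAMPLE, "example-bank.test"):
        print(line)
```

A message that passes these checks can still be fraudulent; the script covers only the indicators that can be read mechanically from the text.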
Test yourself. How well can you identify fraudulent email?
https://www.sonicwall.com/phishing-iq-test/
Steps to take if you have responded to a phishing attempt
If you think you may have accidentally responded to a phishing attempt, make sure to immediately change any accounts or passwords that may have been compromised. If it is a Colby account, follow the instructions here: https://colby.teamdynamix.com/TDClient/1928/Portal/KB/ArticleDet?ID=141586. If it is a vendor (bank, credit card, online merchant) account, contact that vendor to have your information changed.
As always, if you have questions about email fraud or computer security, contact the Colby ITS support desk for assistance – support@colby.edu or ext. 4222.