What is Phishing?
Phishing is when scam artists send official-looking emails, attempting to fool you into disclosing your personal information — such as usernames, passwords, banking records, account numbers, or social security numbers — by replying to the email or entering it on a website. Phishers pretend to be from a legitimate bank, organization, government agency, or store, or claim to be the host of a lottery or contest. Some even imitate the University’s IT Help Desks. Any information they’re able to get from you can be used to steal your identity, commit financial fraud, or other malicious purposes. By understanding their tactics and taking proactive steps, you can significantly reduce your risk of falling victim to these scams.
Common Phishing Tactics:
- Email Phishing: Scammers send emails that appear to be from legitimate sources, such as banks, government agencies, or trusted companies. These emails often contain links or attachments that, when clicked or opened, can lead to malware infections or the theft of personal information.
- Smishing: This is a variation of phishing that occurs via text message. Scammers send messages that appear to be from legitimate sources, often urging you to click a link or call a number where theft of information occurs.
- Vishing: This is a voice-based phishing attack where scammers call you, posing as legitimate representatives of businesses, organizations or someone you know. Vishing uses social engineering tactics to trick you into providing personal or financial information.
- Quishing: This is a type of phishing attack that uses QR codes to deceive you. QR codes are barcodes that can be scanned with a smartphone camera to access information or perform actions. In a quishing attack, a QR code leads you to a malicious website or automatically downloads malware when scanned.
How to Protect Yourself from Phishing:
- Be Skeptical of Unexpected Communications: If you receive an unexpected email, text, or call requesting personal information, be suspicious and cautious.
- Verify the Sender: Before clicking on links or opening attachments, verify the sender’s email address or phone number by contacting the sender at a known legitimate email or phone number.
- Avoid Clicking on Suspicious Links: If you receive an unexpected email or text with a link, avoid clicking on it unless you are absolutely sure it is from a trusted source. Instead, type the URL directly into your web browser. Legitimate businesses typically won’t send sensitive information via email attachments.
- Be Wary of Urgent Requests: Phishers often create a sense of urgency to pressure victims into acting quickly. If you receive a request for immediate action, take a step back and verify the information before responding. Be wary of emails that demand immediate attention or threaten consequences.
- Report Phishing Attempts: All UR, URMC and Affiliates workforce members and students who receive suspicious e-mail should report them immediately to abuse@rochester.edu. Send obvious phishing emails as well as those you are not sure about to abuse@rochester.edu. Remember, if you see something suspicious, report it! Learn how to properly forward suspicious emails at https://tech.rochester.edu/suspicious-email-forwarding-instructions/
By staying informed about phishing tactics and following these protective measures, you can significantly reduce your risk of becoming a victim. Remember, if something seems too good to be true, it probably is.
Additional Resources:
Visit our NCSAM page for more information and games related to this week’s tip.