Phishing

Do Not Feed the Phish

Just as a fisherman throws out a baited hook in hopes of luring a fish, Internet “phishers” also cast out shiny, attention-getting messages in hopes of reeling in an unsuspecting victim. “Phishing” refers to Internet crooks sending e-mails, texts, or instant messages urgently requesting personal information, such as passwords or credit card numbers, in the hopes that an unsuspecting recipient will take the “bait.” These messages purport to be from a legitimate company, sometimes even from FSU! In reality, they are attempts to trick you into revealing sensitive personal information. FSU personnel will NEVER ask for your password by any means. If you receive an email, phone call, etc. asking for your password, it is most likely a phishing attempt, so do not give out your password.

Here are 9 tips on how to identify a phishing or spoofing email.

  • Tip 1: Don’t trust the display name

    A favorite phishing tactic among cybercriminals is to spoof the display name of an email. Return Path analyzed more than 760,000 email threats targeting 40 of the world’s largest brands and found that nearly half of all email threats spoofed the brand in the display name.

    Here’s how it works: If a fraudster wanted to spoof the hypothetical brand “My Bank,” the email may look something like:

    Shows email from address as: acccounts@secure.com

    Since My Bank doesn’t own the domain “secure.com,” this is a very good sign that this email is a scam. This fraudulent email, once delivered, appears legitimate because most user inboxes only present the display name. For example, an email may appear to be from FSU IT Help Desk; however, when you look closely at the “From” address, instead of coming from ithd@frostburg.edu, it actually comes from a strange domain such as frostburg@iwillscamyou.com. Don’t trust the display name! Always check the “From” address. If it looks suspicious, don’t open the email.

  • Tip 2: Look but don’t click

    Hover your mouse over any links embedded in the body of the email, or hold your finger down over the link on a mobile device. The true destination of the link will appear. If the link address looks weird, don’t click on it! See the examples that claim to be from Verizon below but are really not:

    Mouse hovering over link to display target URL

    Displaying target URL on a mobile device

  • Tip 3: Check for spelling mistakes

    Brands are pretty serious about email. Legitimate messages usually do not have major spelling mistakes or poor grammar. Read your emails carefully and report anything that seems suspicious.

  • Tip 4: Analyze the salutation

    Is the email addressed to a vague “Valued Customer?” If so, watch out—legitimate businesses will often use a personal salutation with your first and last name.

  • Tip 5: Don’t give up personal information

    Legitimate banks and most other companies will never ask for personal credentials via email. Don’t give them up.

  • Tip 6: Beware of urgent or threatening language in the subject line

    Invoking a sense of urgency or fear is a common phishing tactic. Beware of subject lines that claim your “account has been suspended” or your account had an “unauthorized login attempt.”

  • Tip 7: Review the signature

    Lack of details about the signer or how you can contact a company strongly suggests a phish. Legitimate businesses always provide contact details.

  • Tip 8: Don’t click on attachments

    Including malicious attachments that contain viruses and malware is a common phishing tactic. Malware can damage files on your computer, steal your passwords or spy on you without your knowledge. Don’t open any email attachments you weren’t expecting.

  • Tip 9: Don’t believe everything you see

    Phishers are extremely good at what they do. Just because an email has convincing brand logos, language, and a seemingly valid email address, does not mean that it’s legitimate. Be skeptical when it comes to your email messages—if it looks even remotely suspicious, don’t open it.
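The checks in Tip 1 and Tip 2 can also be automated by a mail administrator. The following is an added example, not part of the original FSU page: it flags a “From” header whose display name claims a known sender but whose address is on another domain, and links whose visible text shows one site while the real target is another. The `KNOWN_SENDERS` table and the `mybank.example` domain are assumptions made for illustration.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist: display-name phrase -> domains that sender really uses.
KNOWN_SENDERS = {"fsu it help desk": {"frostburg.edu"},
                 "my bank": {"mybank.example"}}  # hypothetical bank domain

def domain_matches(host, allowed):
    """True if host equals, or is a subdomain of, one of the allowed domains."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)

def check_from(from_header):
    """Tip 1: return a warning if the display name claims a known sender
    but the address is on a domain that sender does not use; else None."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2]
    for claimed, allowed in KNOWN_SENDERS.items():
        if claimed in name.lower() and not domain_matches(domain, allowed):
            return f"display name claims '{claimed}' but address is at '{domain}'"
    return None

class LinkAudit(HTMLParser):
    """Tip 2: record links whose visible text names one site but whose
    href (what hovering would reveal) points to a different one."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.mismatches = None, "", []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown = re.search(r"(?:https?://)?(?:www\.)?((?:[\w-]+\.)+[a-z]{2,})",
                              self.text.lower())
            target = (urlparse(self.href).hostname or "").lower()
            if shown and target and not domain_matches(target, {shown.group(1)}):
                self.mismatches.append((shown.group(1), target))
            self.href = None

def check_links(html_body):
    """Return (site shown in link text, real target host) for each mismatch."""
    audit = LinkAudit()
    audit.feed(html_body)
    return audit.mismatches
```

A link whose text is only words such as “Click here” is not flagged by this check, so hovering over the link as described in Tip 2 is still necessary.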

IT Help Desk

We are here to help!
Phone: 301.687.7777
x7777
Available 24/7
Location: Gira Center Room 123
Email helpdesk@frostburg.edu
Walk-In Service Hours
Sunday: 3:00pm - 10:00pm
Monday: 8:00am - 10:00pm
Tuesday: 8:00am - 10:00pm
Wednesday: 8:00am - 10:00pm
Thursday: 8:00am - 10:00pm
Friday: 8:00am - 5:00pm
Saturday: 1:00pm - 5:00pm
