Have you ever received an email requesting your personal information or encouraging you to click on a link? If so, such email could be a phishing attack – a criminally fraudulent attempt to trick, mislead, or persuade you into disclosing your personal information. Phishing may be in the form of a URL, pop-up, text message, telephone call, etc. One way to avoid becoming a victim of phishing is to practice hovering over links in order to inspect them before clicking.
Why Are Phishing Attacks Dangerous?
You are at risk of having your identity stolen and your personal assets hijacked when you click on links within phishing emails and respond to requests such as “enter your WebID/password” or “provide your bank account information.” For example, your UM WebID and password could be stolen, giving someone else access to everything you do online at the University of Mississippi. Phishing attacks usually appear to come from a legitimate source (University of MS, the IT Helpdesk, or your bank) and often express a sense of urgency for you to enter your personal information: “your account will be blocked”; “account validation is required immediately.”
Other red flags may include spelling and grammar errors, your email address listed in the “From” area of an email, missing punctuation in URLs, and the use of plain text (absence of logos).
How Do I Identify Phishing?
Hovering your mouse over links is one technique used to identify phishing attacks on websites or in emails. When you rest the pointer over the item (link or name in the “From” column) without clicking, you can see more information. You will be able to view if the email or link is recognizable. For example, olemiss.edu would not come from olemiss.com. Additionally, the University will never send emails asking for your account or personal information , to verify your login credentials, etc. If the email appears to come from a known source, but you are still in doubt, contact the source directly to inquire about it.
Phishers can make emails look authentic, but you should practice being suspicious and cautious of possible phishing attacks. See the following examples that you may have received on our campus:
- “Re-Validate Your myOleMiss WebID/Password”
- “View Your 2015 Upcoming Pay Raise Increase”
- “Webmail Upgrade”
- No subject
Email “From” Addresses:
- “Email Support Team”
- “IT Helpdesk support .com”
- “Ole Miss Security”
- Unrecognizable Email address
- Provide the following information to view important information regarding your Bancorp South account: Username: Password:
- “ http//myolemis<>login<portal” ( illegitimate link – correct format (http://) not used, myOleMiss misspelled, uses “<,>” symbols)
- “http://newwidjets.com/olemiss.edu/login.php” (This is a phishing URL that has olemiss.edu in it, but olemiss.edu is in the wrong place.) Important tip for hovering over links to websites that are hosted by the University of MS: Always look for olemiss.edu to come immediately after http:// or .olemiss.edu to follow https://name of a UM Web server (i.e., before the first single forward slash, e.g., http://olemiss.edu/ or https://secure1.olemiss.edu/).
How do Phishers Retrieve My Email Address?
Phishers may perform detailed research using directories or a database of email addresses obtained from Internet service providers, government agencies, employers, etc. For example, phishers may target geographical regions and locate employers that may have email addresses listed. Bottom line, this information (your email address) may be available anywhere making you a possible target. However, you can protect your information by using such tactics as hovering and increasing your knowledge of identifying phishing attacks.
How Do I Report a Possible Phishing Attack?
If you should have any questions about more preventive phishing tactics and solutions to handling or decreasing phishing attacks, please contact the IT Helpdesk at firstname.lastname@example.org or 662-915-5222. If you think you have released your personal information to some form of phishing: Directly contact the sender (if known) or the business via the correct email address, contact information located on the actual web site, etc.; DO NOT reply to the email or follow links in the email. Other possible precautions are to change your password and talk to representatives to place alerts on your credit reports/bank accounts. For more information on phishing, visit the IT Security website. See other related articles: Online UM Security Awareness Training and Protect Your UM Passwords .Tags: Email, Hover, IT Security, Phishing, Scam, Spam