When criminals go phishing, you don’t have to take the bait.
Phishing is when criminals use fake emails to lure you into clicking on them and handing over your personal information, or installing malware on your device. Common phishing messages contain links to try to steal your username and passwords; however, not all phish contain links. A frequent type of phish we see are fake job offers or volunteer opportunities where the attackers asks you to reply with personal information or from a personal email address. It’s easy to avoid a scam email, but only once you know what to look for.
See it so you don’t click it.
The signs can be subtle, but once you recognize a phishing attempt you can avoid falling for it. Here are some quick tips on how to clearly spot a fake phishing email:
- Contains an offer that's too good to be true
- Appears to come from a "VIP" or someone else whom you don't normally communicate with
- Language that's urgent, alarming, or threatening
- Poorly-crafted writing with misspellings, and bad grammar
- Greetings that are ambiguous or very generic
- Requests to send personal information
- Urgency to click on an unfamiliar hyperlinks or attachment
- Strange or abrupt business requests
- Sending e-mail address doesn’t match the company it's coming from
What does an example of a phish look like?
Phishing messages can take many forms, including SMS messages, and vary in how they look. It's important to know the indicators mentioned above to confidently identify if a message is a phish. Here is a common example of an "EMPLOYMENT OPPORTUNITY". These unsolicited job opportunity phish are commonly spread at colleges and universities. Here are some of the indicators that the message is a scam.
The answer to #1 is that it is likely the phisher used an email template and didn't update this. Make sure you pay attention to these types of oddities where a message does not make sense.
The answer to #2 is that personal email addresses generally lack the protections of a work or school email account and it is easier to compromise a personal account.
Oh no! I see a phishing email. What do I do?
Don’t worry, you’ve already done the hard part which is recognizing that an email is fake and part of a criminal’s phishing expedition.
If the email came to your UA email address, report it using Outlook's "Report" feature, as quickly as possible.
If the email came to your personal email address, do not click on any links (even the unsubscribe link) or reply back to the email. JUST DELETE IT. You can take your protection a step further and block the sending address from your email program, too.