How to Spot a Phishing Scam
by Neal Fisch in awareness, counterfeit websites, data security, personal security, phishing scams, security, spear phishing attack, tips 0
We've all received them, emails from a seemingly trusted source like a bank, delivery company or even your own place of employment, claiming there was some type of issue or another requiring you to offer up some personal information or to click on a link or button to help clear the issue up. If you receive an email similar to this DO NOT CLICK ON ANY LINK OR OFFER UP ANY INFORMATION!
This is a common form of security attack called a phishing or spear phishing scam.
Groups attempting to steal personal information will often use e-mails that appear to originate from a trusted source to try and trick a user into entering valid credentials at a fake website. Typically the e-mail and the web site look like they are part of a bank or some other organization the user is doing business with.
For example, it could be a phishing email if...
- There are misspelled words in the e-mail or it contains poor grammar.
- The message is asking for personally identifiable information, such as credit card numbers, account numbers, passwords, PINs or Social Security Numbers.
- There are "threats" or alarming statements that create a sense of urgency. For example: "Your account will be locked until we hear from you" or "We have noticed activity on your account from a foreign IP address."
- The domain name in the message isn't the one you're used to seeing. It's usually close to the real domain name but not exact. For example:
- Phishing website: www.regionsbanking.com
- Real website: www.regions.com
If you receive an email like this and you think it may be fraudulent, please report it immediately to the T&C Helpdesk at X8552, helpdesk@csuci.edu, or infosec@csuci.edu. Our technicians will assist you and instruct you on how to effectively remove it.
Please remember... nobody from T&C will ever ask you for any personal information, including your password!