Phishing Protection

🎣 What is Phishing?

Phishing is a type of online scam where attackers impersonate a trusted organization to "fish" for your sensitive information. They use deceptive emails, texts, or websites to trick you into revealing data like your passwords, credit card numbers, or other personal details.

These messages often create a sense of urgency or fear (e.g., "Your account will be suspended!") to rush you into making a mistake. Phishing is the most widely known type of "Social Engineering". You can learn more about phishing below or, for a deeper dive, visit our info page on Social Engineering.


😟 Why It's a Threat

When an attacker successfully phishes you, they gain the keys to your digital life.

  • For You: This can lead to identity theft, financial loss from your bank accounts, and unauthorized access to your university and social media accounts. Attackers could even use your account to send malicious emails to your friends and colleagues.

  • For the University: A single compromised account can be the entry point for a major cyberattack. This can result in large-scale data breaches of student records or sensitive research, financial fraud, and even a shutdown of campus-wide IT systems (ransomware).


🧐 How to Spot a Phish

Always be suspicious of unexpected messages. Look for these common red flags:

  • Mismatched Links: Hover your mouse over any link before you click. The link's destination address will pop up. If it looks strange or doesn't match the sender, don't click it.

  • Suspicious Sender: Carefully check the sender's full email address, not just the display name. Look for small misspellings or an unusual domain (e.g., university-support.com instead of university.edu).

  • Urgent or Threatening Language: Phrases like "Immediate Action Required" or "Account Locked" are designed to make you panic. Legitimate organizations rarely use such high-pressure tactics.

  • Generic Greetings & Poor Grammar: Be wary of emails that start with "Dear Valued Customer" or are filled with spelling mistakes.


🛡️ Your Best Defenses

Protecting yourself is straightforward if you build these habits:

  1. Enable Multi-Factor Authentication (MFA): This is your single most effective defense. Even if a scammer steals your password, MFA prevents them from logging in without a code from your phone. Turn it on for all important accounts, especially your university login.

  2. Never Share Your Password or One-Time Passcodes: No legitimate organization, including our IT department, will ever ask you for your password via email.

  3. Verify Independently: If you think an email might be legitimate, don't use the links or phone numbers in it. Instead, go directly to the official website or call a known public number to verify the request.

  4. When in Doubt, Report It! If you receive a suspicious email in your university inbox, use the new "Phish Alert Button" in Gmail! This helps protect everyone in our community.

  5. Don't Know It? Don't Click It! Never click unknown links or scan unknown QR codes!