Phishing FAQ

WHAT IS PHISHING?

Phishing is when scam artists send official-looking emails, attempting to fool you into disclosing your personal information (such as usernames, passwords, banking records or account numbers, or social security numbers) by replying to the email or entering it on a phony website. Phishers can pretend to be from a legitimate bank, organization, government agency, or store, or claim to be the host of a lottery or contest. Some even imitate individuals from the Bucknell community.

WHY SHOULD I CARE ABOUT PHISHING?

Phishing scams can reach both your Bucknell email and your personal email account. You should be vigilant about both accounts, as either one could have access to your personal information (bank information, social security numbers, grades, etc.).

HOW CAN I IDENTIFY MALICIOUS EMAILS?

  1. Identify the Sender. Do you know this person? Were you expecting email from this person or does it fit in with your job role? If not, it is probably suspicious.

  2. Reply-to. If the Reply-to address is different from the sending address, this should raise your suspicion about the whole message.

  3. Links and Attachments. If you were not expecting an attachment or a link, and you do not know the sender, do not open it! If you are not sure, check with the sender by phone (don’t use a phone number in the email), otherwise report it.

  4. Grammar and Tone. Many of the malicious emails sent have poor grammar, punctuation and spelling. In addition, you should know how your co-workers communicate. Does this message sound like them? If not, it is probably malicious.

  5. Emotions. Be wary of any emails that try to provoke strong emotions. The emotions attackers most commonly exploit are:

    • Greed. Messages offering or promising you money for clicking a link or giving away information are usually malicious. If it seems too good to be true, it probably is.

    • Urgency. Unusually short deadlines create a false sense of urgency to act. Attackers employ this technique to confuse the recipient.

    • Curiosity. Attackers take advantage of our curiosity by promising exciting or prohibited content.

    • Fear. Threatening recipients with negative consequences is a common tactic to generate responses—things such as threatening to shut off accounts or legal action.

TIPS TO AVOID A PHISHING SCAM

  • Be on the lookout for suspicious emails or text messages. Legitimate, responsible companies will never solicit personal information over email. Never reveal personal or financial information in response to an email request, no matter who appears to have sent it.

This is an example of a phishing email. Please note the red arrows as they are indicators that the email is not legitimate.

    Image shows a phishing email. Email address is not from inside bucknell.edu. When Google displays a gray or red bar, Take Caution. Hover over all links to be sure it's going to the expected website.

  • Don’t click on links or attachments in suspicious emails or text messages. Instead, visit the mentioned website directly by using a search engine to locate the real site. Hover over the link within the email. If the web address listed by the search engine and the address in the email do not match, the email is most likely a phishing attempt or spam, and you should mark it as spam and delete it.

NOTE: If you click on a link from an email, and it prompts you to log in, stop and verify that the webpage is using a “bucknell.edu” web address. Below is an example of a phishing link that appears to be Bucknell’s login page, but is actually a fake website (bucknelluniversity.org) designed to steal your username and password.

These fake websites can even prompt you for a Duo multi-factor authentication from your phone, very shortly after entering your account credentials.

  • If you are still tempted to click, pick up the phone instead. If the message looks real and you are really tempted to respond, instead look up the phone number of the individual and call them. Do not use any phone number in the email because it could be fake. Ask if the message was actually sent by the person and if you can take care of any issues over the phone instead.

  • Change your passwords regularly. Whether or not you’ve fallen victim to a suspicious email, it is best to practice safe security by changing your password on a regular basis. 
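The sender, Reply-to and link checks described above can also be applied automatically. The following is an added example, not part of the original FAQ or any Bucknell tool; the function names and the sample message are constructed for illustration, and the only trusted domain assumed is “bucknell.edu”.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED = "bucknell.edu"  # domain the FAQ tells readers to expect

def is_trusted(host):
    """True for the trusted domain or a true subdomain, not a look-alike."""
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)

def check_message(raw):
    """Return warnings for one raw message (headers, blank line, body)."""
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    reply_to = parseaddr(str(msg.get("Reply-To", "")))[1].lower()
    warnings = []
    if not is_trusted(sender.rpartition("@")[2]):
        warnings.append(f"sender is outside {TRUSTED}: {sender}")
    if reply_to and reply_to != sender:
        warnings.append(f"Reply-To differs from From: {reply_to}")
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part else ""
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        host = urlsplit(url).hostname  # ignores any user@ prefix in the URL
        if not is_trusted(host):
            warnings.append(f"link leaves {TRUSTED}: {host}")
    return warnings

# Constructed sample message, not a real email.
SAMPLE = """\
From: "IT Support" <support@bucknelluniversity.org>
Reply-To: helpdesk@mail.example
Subject: Account closing today

Your account will be shut off. Sign in now:
https://login.bucknelluniversity.org/sso
Policy page: https://www.bucknell.edu/policies
"""

if __name__ == "__main__":
    for line in check_message(SAMPLE):
        print("WARNING:", line)
```

A sender address inside bucknell.edu does not prove a message is legitimate, since some phishers imitate individuals from the Bucknell community; an empty warning list only means these three checks found nothing.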

HOW CAN I REPORT SUSPICIOUS EMAILS?

All Bucknell users who receive a suspicious email should report it immediately to techdesk@bucknell.edu or by calling (570) 577-7777. Even if you are not sure, it is better to have the message checked first. Remember, if you see something suspicious, report it!

Details

Article ID: 583
Created: Thu 8/18/22 9:54 PM
Modified: Thu 10/6/22 9:23 AM