What is Phishing?
"Phishing" messages are fraudulent e-mails sent by criminals (such as identity thieves and hackers) that try to trick recipients into doing their bidding. The motives behind phishing are myriad, but common objectives include:
To this end, they are designed to mimic genuine e-mails from real organizations in order to create trust. However, many phishing e-mails contain "tells" that can help users identify and steer clear of them.
How to Identify Phishing
Phishing e-mails often possess certain traits that give away their true purpose. Here are some common signs that an e-mail may be a phishing attempt:
Requests to send personal information via e-mail
- Neither UW-Green Bay nor any other reputable organization should ever ask you to furnish sensitive information (such as your password or Social Security number) by e-mail.
- If ever in doubt, contact the purported sender by phone or in person. They should be able to verify for you whether or not the message you received is legitimate.
A scammer might ask you for information like your full name, contact address, phone number, age, or more.
Unreasonable urgency or use of fear tactics
Uncharacteristic errors or unprofessionalism
Invitations or attachments you weren't expecting
- Many phishing scams involve distributing fake invitations or malicious attachments. Spearphishers (phishers who target individual people) may imitate someone you know in order to make this sort of scam appear more trustworthy. Therefore, even if they look like they came from someone you trust, be wary of invitations or attachments unless you were already expecting them. If in doubt, you can always ask the purported sender in person or by phone to find out whether it really came from them.
- One particularly popular variant of this attack involves trying to trick recipients into opening a malicious file by hiding it behind a service like Google Drive, Office 365, or Dropbox. Because these invitation e-mails are usually sent from an address belonging to the file sharing service rather than the person offering the invitation, this tactic allows phishers to skirt spam filters and leverage the trust that users place in these legitimate, widely-used products. Keep a close eye out for these.
Finally, remember that, as the old adage goes, "If it's too good to be true, it usually is."
How to Avoid Phishing
Here are some actions that students, faculty, and staff can take to protect themselves against phishing:
Verify links by hovering or long-pressing - look before you leap!
Don't use your UW-Green Bay e-mail for personal business
Trust, but verify - don't be afraid to pick up the phone!
If you receive a suspicious-looking e-mail from a fellow student or coworker, it may be that they're being impersonated or that their e-mail account or computer has been compromised by a phisher. If in doubt, ask them by phone or in person whether the message they supposedly sent is legitimate or not.
Practice makes perfect
How to Report Phishing
Found an e-mail that looks suspicious? Phish Wanted! Please forward the e-mail as an attachment to firstname.lastname@example.org.
Click here for a Phish Wanted poster that you can print and keep near your workstation as a handy reminder of what to look out for in a suspicious e-mail.