Phishing

Phishing attacks use email or malicious websites to collect personal and financial information or to infect your computer with malware and viruses. Many times, these attacks begin with a cyber criminal sending a message that pretends to be from someone or something you know, e.g. a friend, your bank, or PayPal.

Spear phishing scams or CEO fraud refer to highly specialized attacks targeting a specific organization. Often, the cyber criminal will make the scam appear to come from an influential person at that organization. Because people at the organization are familiar with that person and the person holds a position of authority, recipients pay more attention to the message, and this is what the sender takes advantage of. These types of scams have become increasingly popular over the last few years, and a wide range of organizations have been targeted.

Phishing and other scams are not limited to just email. They are also prevalent on social networking sites. The same rules apply on social networks: When in doubt, throw it out. This rule applies to links in online ads, status updates, tweets and other posts.



More Information

How you can recognize a phishing email:

  • Check the email address. If the email appears to come from a legitimate organization but the FROM address is someone's personal account, such as @hotmail.com, this is most likely a phishing scam.

  • Does the email address you by your name or by something generic such as "Dear Customer"? If a trusted organization has a need to contact you, they should know your name.

  • Watch for grammar and spelling errors.

  • Phishing emails often call for "immediate action" or create a sense of urgency in other ways. Scammers use this technique to rush you into making a mistake.

  • Be careful with links and only open the ones you are expecting. Also, hover your mouse over the link and see if the destination matches what you are expecting. Similarly, only open attachments you are expecting.
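
The sender-address, greeting, urgency and link checks above can also be applied automatically when triaging reported messages. The following Python code is an added example, not part of the original page: the function names, the phrase lists and the `claimed_domain` parameter (the domain of the organization the message claims to come from) are assumptions, and the sample message is constructed with placeholder domains.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TEXT_CHECKS = {  # phrase lists are illustrative assumptions
    "generic-greeting": re.compile(r"\bdear (customer|user|member|client)\b", re.I),
    "urgency": re.compile(r"immediate action|urgent|will be (closed|suspended)", re.I),
}

class LinkCollector(HTMLParser):  # collects (visible text, href) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host(url):
    # Hostname of a full URL or of a bare "www.example.com/path" string.
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def indicators(raw, claimed_domain):
    """Return the checklist items a message trips (heuristics, not a verdict)."""
    msg = message_from_string(raw)
    body = msg.get_payload()  # assumes a single-part message
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    found = [name for name, rx in TEXT_CHECKS.items() if rx.search(body)]
    if sender != claimed_domain and not sender.endswith("." + claimed_domain):
        found.append("sender-domain-mismatch")
    parser = LinkCollector()
    parser.feed(body)
    # Compare only when the visible link text itself looks like a URL or hostname.
    if any("." in t and " " not in t and host(t) != host(h) for t, h in parser.links):
        found.append("link-text-mismatch")
    return found

# Constructed sample (not a real message); every domain is a placeholder.
SAMPLE = ('From: "Example Bank" <example.bank.support@hotmail.com>\n'
          "Content-Type: text/html\n\n"
          "<p>Dear Customer, immediate action is required.</p>\n"
          '<a href="http://login.example.net/verify">www.examplebank.example</a>\n')
```

Calling `indicators(SAMPLE, "examplebank.example")` reports all four indicators; an empty list means only that none of these checks fired, not that the message is safe.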

How you can avoid phishing scams:

  • Don't reveal personal or financial information in an email, and do not respond to email solicitations for this information. This includes following links sent in emails.

  • Before sending sensitive information over the Internet, check the security of the website (https).

  • Pay attention to the website's URL. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com versus .net).

  • If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Contact the company using information provided on an account statement or other document, not information provided in an email. Alternatively, contact the IT Help Desk to learn about known phishing scams.

  • Keep a clean machine. Having the latest operating system, software, web browsers, anti-virus protection and apps is the best defense against viruses, malware, and other online threats.

What you should do if you think you have been scammed:

  • Immediately contact the IT Help Desk to report the scam and have your password changed! We will assist you with any further steps.

  • If you believe your financial accounts may be compromised, contact your financial institution immediately and close the accounts. Otherwise, watch for any unauthorized charges to your account.

Reporting Phishing Scams

Employee Email (Outlook)

Please forward the email with full email headers to helpdesk@emporia.edu. This can be done by forwarding the email as an attachment.

Learn how to do that here.

Student Email (Gmail)

You can forward the email with full details to helpdesk@emporia.edu. Learn how to do that here.

In addition, please report all phishing and spam directly to Google. Learn how to do that here.

Phishing Resources