What is phishing? Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication. It is a form of cybercrime. The training video linked below highlights steps you can take to protect your passwords and account information from being exploited.
If you unintentionally fall victim to a phishing scam, see Recover from a Phishing Scam.
Keep Your Password Private
NEVER give your login information to another person for any reason. That includes parents, significant others, classmates, roommates, professors, etc.
IT staff will NEVER ask you for your password. No one on campus should ever need your personal login information.
Any person who needs legitimate access to our campus systems should have their own credentials.
Remember: Passwords are like underwear & toothbrushes: change regularly and don't share!
If You Receive a Phishing Message
While most troubled email messages are filtered out by Gmail before reaching your inbox, a few items will reach you.
Report the message as phishing within Gmail so that it is filtered out of others’ inboxes. While viewing the message in your web browser, click the down-pointing arrow in the upper right corner of the message, and select the “Report phishing” option.
Types of Phishing
- Spear phishing: phishing attempts directed at specific individuals or companies.
- Clone phishing: a type of phishing attack whereby a legitimate, and previously delivered, email containing an attachment or link has had its content and recipient address(es) taken and used to create an almost identical or cloned email. The attachment or link within the email is replaced with a malicious version and then sent from an email address spoofed to appear to come from the original sender. It may claim to be a resend of the original or an updated version to the original.
- Whaling: phishing attacks directed specifically at senior executives and other high-profile targets within businesses.
- Phone phishing: messages that claimed to be from a bank told users to dial a phone number regarding problems with their bank accounts.
- SMS phishing: cell phone text messages designed to induce people into divulging their personal information.
Clues to Look For
The following are clues that can help identify a phishing message.
It may or may not be from a non-valpo.edu email address, and the To: field may or may not be blank.
It references a vague technical-sounding phrase hoping to trick you into blindly following instructions.
The website referenced in the message is not within valpo.edu, and is not a secure (https) site.
It doesn’t include the name or contact information of any legitimate Valpo department or staff members.
The message has spelling errors, incorrect grammar, strange capitalization, odd spacing, and poor punctuation.
Always contact the Help Desk if you receive a message and are unsure of its validity. This helps us track how widespread the problem is, and better protect you and your information.
Still need help?