Be Aware of Phishing Scams and How to Detect Them
January 22, 2019
In recent weeks, a phishing email scam was distributed to Webster recipients. The subject line was “Part-time job opportunity,” and the message included a link to information and an application for a supposed job opportunity. It was signed “Job Placement and Student Services.”
This is neither a valid Webster department nor a legitimate email. Please delete this and any similar message and never open any attachments or click on any links within such messages. This particular message is just one example of a fraudulent email.
While Information Technology takes measures to filter spam and scan emails at the server level, these can never be 100 percent effective in blocking all suspicious emails. Please take a few moments to review these security awareness topics to help ensure your personal data remains confidential and secure.
What is Phishing?
Phishing is an attempt (usually in the form of an email, web page, or phone call) to steal your personal information. These messages often appear to come from a legitimate source and ask you to respond with personal information such as passwords, to download an attachment, or to visit a spoofed website that mimics a logon page or otherwise asks you to divulge login or financial account details. Attachments and phishing web pages may also transfer malicious software onto your computer that is meant to capture login information. The perpetrators behind these scams try to induce panic by threatening account closure or email loss if you do not take action. Their ultimate goal is to steal your account information, finances, or even your identity. Please be diligent in protecting yourself from these scams.
What Do Phishing Messages Look Like?
Phishing attempts can take several different forms. The most common are ones that ask you to verify your account information for some reason. For instance, they may say there was a security compromise, that they need to verify your account is still in use, that you’ve reached your quota, etc. These messages will often say if you don’t respond, your account will be closed or locked. Webster University and all reputable businesses and organizations will never send messages requesting you provide logon and/or financial account credentials. Please treat ALL such messages as fraudulent.
Other phishing attempts can appear to come from a manager or president of an organization asking you to download an attachment with important information (or view a link). These can often contain malicious software or keystroke loggers meant to capture login credentials.
In general, please be on the lookout for these red flags that often indicate a phishing message:
- Incorrect spelling and/or bad grammar
- Threats of account shutdown
- Promises of money and/or requests for money and bank account transfers
- Requests for private or sensitive information
- Unexpected email attachments
- Spoofed links/web pages (links that appear to go to a legitimate web site but upon hovering your mouse over the link actually point to a different [and malicious] web page altogether)
Avoiding Phishing Attempts
You are your best resource to prevent becoming a victim of phishing. Here are some general best practices:
- Keep logon information private and secure. NEVER provide these details to others, especially via email.
- Choose passwords that contain a mix of upper and lowercase letters, numbers and special characters.
- Read email messages in plain text.
- Never open attachments or click on links that you aren’t expecting. Hover your mouse (without clicking) over links to verify the URL matches the text in the email link. If a message appears to come from someone you know, phone that person directly and ask if they sent you the message/file.
- Verify the “From” address matches the sender.
- Only log on to secure web sites. These are sites that begin with “https://” and should show an icon of a closed lock in the address bar. Always log on to your accounts by typing the URL directly into your browser. Links in phishing messages will often take you to a spoofed web page that looks like the real one.
- Regularly clear your browser cache and cookies. Refer to your browser’s help menu/documentation or contact the Service Desk for assistance with this.
- Always err on the side of caution.
What If I Receive a Phish/Respond to a Phish?
If you receive a phishing message, please delete it right away and do not click on any provided link or attachment. If your deleted messages go to a secondary “Deleted Items” folder, be sure to delete the message from there as well to permanently remove it.
If you are unsure of the legitimacy of an email or if you have replied to a phish by providing your logon details, clicked on any of the provided links or downloaded an attachment in one of these messages, please contact the Service Desk as soon as possible for further assistance. You can reach the Service Desk by calling 314-246-5995 or toll-free at 1-866-435-7270. You can also reach the Service Desk via email at email@example.com.