Phishing is when the attacker pretends to be a trusted company, person, or website to obtain sensitive information. Surprisingly, the attacker would create a seemingly legitimate organization or even try to replicate one. From using similar fonts, wording, and typefaces.
- Try to push users with a sense of urgency.
- “Your X account will expire in 24 hours if you do not verify. “
- Links inside messages usually resemble the companies they are trying to copy.
- Usually, a misspelled word is hidden in the link.
- Not all phishing is through email or text message.
- Vishing uses fake caller-ID data to seem like the calls come from a trusted company. Do NOT pick up a call from a No caller-ID or unknown number.
- If you believe something suspicious is happening, then search the number on known scammer sites.
How to prevent Phishing attacks:
- Password management, passwords should be complex.
- Should NOT be your last name or something easy to guess.
- Make sure the email you are getting from an unknown source is legitimate.
- Ask other coworkers or simply look up the email address to look for any scam warnings.
- Do NOT click on the link, hover over the link! (Hovering over the link will reveal the illegitimate URL)
- If you click on the link by accident, close the tab in your web browser immediately and do NOT enter a username and password.
When in doubt, call the HELP DESK at 717-732-8403, option 1 or e-mail us at firstname.lastname@example.org