Phishing and You
Phishing is one way of "trolling for computer user fish" who will bite on the bait and click that link. The bait can be subtle and look like something official from your bank, eBay, Facebook, etc. But if you click the link, you could unknowingly hand your password to hackers. Here's what to look for and how to protect yourself from phishing attempts.
Phishers are very good at making these scams look real: they copy the logos, fonts, and colors that name brands use in their email communications to build counterfeit messages. If you look carefully, you may see one or more of these telltale signs:
- "Dear Valued Customer..." instead of your name or unique user ID is a tip that the phisher doesn't know who you are. If it really were PayPal, for example, the greeting would be "Dear (first name, last name)".
- A Web link that doesn't point to where it should is an attempt to get you to click on a URL that will take you to a fake phishing Web site. Hover your pointer over the link and the underlying URL will appear in a mouse-over window. If the email says "click here to log into your bank account" but the URL contains some unfamiliar domain name, it's probably a phish. Don't be fooled by URLs spelled out in text in the email; the underlying URL may be totally different from what you see at first glance.
- Slightly misspelled domain names often go unnoticed. "EBAV.COM" looks a lot like "EBAY.COM", doesn't it? But the "ebav" domain is someone else's site, and you don't want to go there.
- Pressure to do something foolish is a favorite phishing tactic. "Reply with your password within 24 hours or your account will be closed!" No legitimate business will make such a demand. "Send money to cover processing" of your alleged lottery winnings is another clue.
- "Friendly phish" appear to be from someone you know personally. Perhaps your cousin's Facebook account has been hijacked and was used to send you a phish. If it doesn't sound like the cousin you know, pause before you reply or do what "cousin" says. It's a good idea to contact the person by phone, text or email to see if they're aware of the shenanigans.
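Two of the signs above (a visible URL that differs from the link's real target, and a slightly misspelled domain) can be checked mechanically. The following is an added example, not part of the original page; the `TRUSTED` list, the sample message and the function names are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"ebay.com", "paypal.com"}  # assumption: sites the reader really uses
SAMPLE = (  # constructed email body, not a real message
    '<a href="http://ebav.com/login">http://www.ebay.com/signin</a> '
    '<a href="https://www.paypal.com/help">www.paypal.com/help</a>')

class LinkCollector(HTMLParser):  # collects (href, visible text) per <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def base_domain(url):
    """Last two host labels (simplification: ignores suffixes such as co.uk)."""
    host = urlparse(url if "://" in url else "//" + url).hostname or ""
    return ".".join(host.lower().split(".")[-2:])

def one_edit_apart(a, b):
    """True if a and b differ by one substituted, added or dropped character."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    a, b = sorted((a, b), key=len)
    i = next((k for k in range(len(a)) if a[k] != b[k]), len(a))
    return a[i + 1:] == b[i + 1:] if len(a) == len(b) else a[i:] == b[i + 1:]

def check_links(html):
    """Return (href, reason) for each link showing one of the signs above."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = base_domain(href)
        shown = re.search(r"(?:https?://)?[\w-]+(?:\.[\w-]+)+\S*", text)
        if shown and base_domain(shown.group()) != target:
            findings.append((href, "visible URL differs from real target"))
        if any(one_edit_apart(target, t) for t in TRUSTED):
            findings.append((href, "lookalike of a trusted domain"))
    return findings
```

Calling `check_links(SAMPLE)` flags the "ebav.com" link for both reasons and leaves the genuine PayPal link alone. A link whose text is only "click here" has no visible URL to compare, so it still needs the hover check described above.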
Phone phishing relies on the unreasonable yet real tendency to trust telephones more than the Internet. "Please call this number to speak with a customer service rep" often leads only to an automated system that demands your name, checking account number, online account username and password, Social Security number "for verification", and other data you wouldn't dream of sending over the Internet. Except now you're speaking this information into someone's digital recorder! Legitimate businesses do not ask customers for such data by phone or over the Internet.
When in doubt, just ask us! We're more than happy to take a look at any message you receive to check its legitimacy and make sure that you are protected! We can be reached at 315.443.2677 or help@syr.edu. Our hours can be found here.
Got phished or interacted with suspicious emails or messages? Be sure to secure your account and information using the instructions on the Got Phished! Now What? page.