Phishing
What Is Phishing?
Phishing is a social engineering technique in which an attacker tricks you into revealing private information. Phishing attacks typically begin with an email pretending to be from someone you know or trust, such as a friend or company. From there, the attacker may ask you to click on a malicious link or open an attachment containing malware.
In most cases, opening, reading, and deleting a phishing email is safe. For most attacks, you have to do something after reading the email, like opening an attachment or clicking on a link.
How to Recognize Phishing Emails
The following are factors to consider when you are suspicious of an email:
Message contents:
- Requests for your private information
- Username and password confirmation
- Messages that induce panic, such as a purchase on an account, account deactivation, or a traffic ticket
- Links to documents in Drop Box, Google Docs, OneDrive, or SharePoint
- Requests to verify your account for websites you are not familiar with
- Generic signatures that are attempting to impersonate a UTC employee
As a rule of thumb, IT will never request you to verify your UTC account or ask for your password. Always question what an email is requesting from you.
Subject lines:
- Vague subjects such as, "Hello" and "Re:"
- Subjects asking you to call or text someone
- Lines that incite urgency
From address:
- Senders that claim to be your colleague or a company having @gmail.com at the end of their accounts
- Inconspicuous typos in the sender's email
Official communications from UTC will come from an email ending in @cnydh.net. Communications from IT may also come from emails branded as TeamDynamix.
Get Help
The Office of Security has also created a way for users to view the latest phishing emails going around campus. Visit phishbowl.cnydh.net for more information! If you receive a suspicious email, forward it to [email protected] for help.