Phishing is a cyber crime where well designed and legitimate looking emails and pop up messages lure victims into revealing their username, password, credit card number, Social Security number, or other sensitive information. Even though the problem is not new, there never seems to be a shortage of victims.
The Phishing messages used look authentic to the kind of communication you would expect to get from institutions you trust. Messages used in Phishing scams often are identical from those used by the banks, schools, and merchants you deal with. However, you should never trust email or pop up messages that ask you to confirm, validate, or update your information by responding to the email or by following a link. The Virginia Tech community is not immune to Phishing attempts. Virginia Tech will never send a message to you asking you to validate, confirm, or update your personal information and passwords.
Phishing emails often have the following characteristics:
- Phishing emails will ask you to reply with needed information such as username and password. sometimes the will ask for other items such as your social security number or date of birth.
- Phishing emails may ask you to click on a link inside the email. The link will often lead you to another site to ask you to fill out a form supplying information or it may download information stealing malware.
- Cyber criminals will often use phishing emails with attachments that when opened can infect your machine with malware.
- Phishing emails can have a forged sender’s address to mask the cyber criminal's identity and make the email seem legitimate.
- Cyber criminals can also create hyperlinks inside of emails that are misleading.
Spear Phishing has become more common at Virginia Tech. Spear phishing is a targeted phisihing attempt against an individual or group and appears to come from a trusted source. The emails are crafted to look like they appear to come from an organization that you work with or contain information that you might find interesting.
Never respond to messages that ask you verify, update, or validate information they should already have.
- Never reply to any message of email that asks for your PID, password, account information, or anything else that would be considered sensitive.
- Never click on a link in a message or pop up.
- Never call phone numbers that are provided in messages that ask for personnel information.
- Keep your anti-virus software up to date and your firewall up to date. Even though anti-virus cannot stop you from simply telling someone your personal information, it may protect from malicious software installations.