Understanding and Identifying Phishing Attempts

Body

In this article:

What is phishing?

Phishing is a form of cyber crime in which targets are tricked into providing sensitive data such as personal information, financial details, and passwords via phony emails, phone calls or text messages. The information provided is used to access these accounts, resulting in identity theft and financial loss. Often, attackers will harvest contacts from your address book and extend their attacks to other, using a legit email address as cover.

Common attributes of phishing emails

Here is an example of what a phishing email message might look like:

  • Bad spelling/grammar: Professional companies or organizations usually have proofreaders. If you notice basic grammar or spelling mistakes, it is likely fraudulent.
     
  • Encouragement to click links: Cyber criminals may include links for you to click on. The link's text may look legit, but always hover your mouse over them to expose the actual destination. Often you will find it is somewhere completely different from xavier.edu.
     
  • Ultimatums: Claims or threats that your account will be suspended/deleted if you do not respond with your personal information within some amount of time.
     
  • Spoofing popular websites or companies: Cyber criminals use logos in email that appear to be hyper-linked to legitimate websites but actually take you to phony websites. Their hyperlinks may also use slightly altered addresses of companies (i.e. gooogle.com or micrsoft.com) to throw you off.
     
  • Surveys that require you to enter your Xavier credentials. Cyber criminals will often send out bogus surveys that look enticing to complete. The phony survey site will request your username and password so that they can later compromise your account. (All legitimate Xavier surveys originate from https://xavier.co1.qualtrics.com).
     
  • Request for account information: Often cyber criminals will use one or several of the following phrases to fool you into providing information, such as your username, password, credit card numbers, etc:
    • Verify your account...
    • Update your account...
    • Due to regular account maintenance...
    • Failure to update your accounts will result in account suspension...

Phishing do's and don'ts

  • Don't directly respond, click links, open attachments or provide any information requested by the sender. Ever.
  • Do report any phishing attempts by using Xavier's PhishAlert feature. PhishAlert allows you to quickly and effectively report these attempts directly to those who can take immediate action.

What to do if you responded to a phishing attempt

  • Change your email account passwords immediately.
  • Monitor accounts that you think may be compromised for unusual activity.
  • Report the incident to our email abuse team at abuse@xavier.edu.

Details

Details

Article ID: 64
Created
Tue 6/2/15 3:28 PM
Modified
Tue 11/7/23 4:02 PM

Related Articles

Related Articles (7)

Cautionary Banner on Emails from External Senders
As of March 10, 2020, emails from external senders will include a cautionary banner
Gift Card Spear Phishing Scams
Online scammers will attempt to scam you into buying gift cards for them. This email explains the scam, so you can avoid it!
Physical Security and Awareness
Preventing Ransomware Infections
Receiving Email with Subject "Undeliverable: You Have Notifications Pending"
This error is a "bounce" notification generated when a sent message does not reach the recipient.
Reporting Phishing Emails via Phish Alert
Phishing emails can be reported within your email client with just one click!
Social Media Security Tips