Skip to Knowledge Base content

Understanding and Identifying Phishing Attempts

In this article:

What is phishing?

Phishing is a form of cyber crime in which targets are tricked into providing sensitive data such as personal information, financial account details, and passwords via phony emails, phone calls or text messages. The information provided is used to access these accounts, often resulting in identity theft and financial loss. Often, attackers will harvest contacts from your address book and extend their attacks to other, using a legit email address as cover.

Common attributes of phishing emails

Here is an example of what a phishing email message might look like:

  • Bad spelling/grammar: Professional companies or organizations usually have proofreaders. If you notice basic grammar or spelling mistakes, it is likely fraudulent.
     
  • Ultimatums: Claims or threats that your account will be suspended/deleted if you do not respond with your personal information within some amount of time.
     
  • Spoofing popular websites or companies: Cyber criminals use logos in email that appear to be hyper-linked to legitimate websites but actually take you to phony websites. Their hyperlinks may also use slightly altered addresses of companies (i.e. gooogle.com or micrsoft.com) to throw you off.
     
  • Surveys that require you to enter your Xavier credentials. Cyber criminals will often send out bogus surveys that look enticing to complete. The phony survey site will request your username and password so that they can later compromise your account. (All legitimate Xavier surveys originate from https://xavier.co1.qualtrics.com).
     
  • Request for account information: Often cyber criminals will use one or several of the following phrases to fool you into providing information, such as your username, password, credit card numbers, etc:
    • Verify your account...
    • Update your account...
    • Due to regular account maintenance...
    • Failure to update your accounts will result in account suspension...

Phishing do's and don'ts

  • Don't directly respond, click links, open attachments or provide any information requested by the sender. Ever.
  • Do report any phishing attempts by forwarding them to our email abuse team (abuse@xavier.edu). Once you've reported the message, delete it.

What to do if you responded to a phishing attempt

  • Change all passwords or PINs on any accounts you think may be compromised. Your Xavier password can be changed using the Password Manager.
  • Monitor accounts that you think may be compromised for unusual activity.
  • Report the incident to our email abuse team (abuse@xavier.edu)
100% helpful - 13 reviews