What is it?
Well basically, it’s an attempt by a predator to trick you into giving them information. Generally the information that these predators are phishing for are PII (Personally Identifiable Information) or even more secret things like your password or banking information.
Where does it happen?
Mainly email although you may be phished in social media, chat rooms, text messages and any way people communicate with you.
How do they get information from you?
You can just respond to the email and disclose the information
They can send you a link to a Phishing Site that looks just like the real site but really isn’t -- that will collect your username or password from you.
Or worse case, they attach a file that you open, download, and it runs malicious software on your computer that collects your information and sends it back to the predator without your knowledge.
How do I identify it?
Do NOT click on links or Download attachments without first verifying the email is legit
Keep in mind that opening an email isn’t bad, it’s acting on the email that could cause harm.
Is the email being spoofed?
Is the sender really this person?
Check the email header (the name shows, but is this email coming from their real email).
Does this email seem “normal” to you from this person? Would this person send an email like this? Are they prone to misspelling words, using bad grammar, etc?
It’s never a bad idea to contact the sender to verbally verify this is from them.
Is the website being spoofed?
Sure it looks like Bank of America, but is it really the legit website? - bofa.com, not something like bankofamerica.biz or bank0famerica.com.
Before you put ANYTHING into a website, make sure there’s a little padlock on your screen next to the URL. This padlock ensures that your data is safe as it flies through the internet and gets put into that site.
Some Good news:
Google Gmail (which is the email provider we use) has some pretty good native security functionality that IT has enabled for additional protection. This should make it easier for you to identify the predators.
You may see a banner that will indicate that this message could be spoofed or to be careful when opening this message.
What do I do when I identify it?
Report it to Google. There’s a link in the message to report it.
DON’T forward it to any user.
DON’T reply to the user.
Report it to our IT department. Forward it to email@example.com so that IT can investigate further.
Advise other staff (if they are copied on the email) to let them know.
Oh no, I’ve clicked on it! What do I do now?
Change your Password immediately - you can do this by going to accounts.google.com
Change any related passwords immediately
Inform IT as soon as you are able so that we can investigate further.
For additional support, don't hesitate to reach out to us!