Summary
This introductory article on phishing provides a description of phishing, examples of spoofed senders, purposes and types of phishing as well as associated risks.
Body
Detailed Information
What is phishing
By posing as a person or organization you trust, phish actors exploit people for money, steal information, steal credentials, or plant malware.
Spoofed Senders
Messages may look legitimate or from a trusted source, such as:
-
Someone from the University, such as your supervisor or IT
-
Your bank or credit card company;
-
A government agency;
-
A company that you may have an account with
It is easy to replicate a logo, format or web page - tactics used by phishers to make messages look legitimate.
Purposes/Types of phishing
-
Credential Harvesting - Request you to log in to a spoofed site with your credentials, so that the phisher can steal your login credentials
-
Planting Malware - Include an attachment, such as an invoice, which could malware to infect your computer
-
Scamming - Request that you make a purchase such as gift card, software renewal, or item with a very discounted price; or
-
Request you to verify or provide sensitive information. (ex. SSN, DOB etc.)
Risks from phishing
-
Direct Deposit Changes
-
Loss of money through gift-card or fake job scam
-
Loss of valuable university data or credentials that cause a wide-spread breach
-
Loss of Data such encryption which blocks your access if you don’t pay a ransom
-
Malware that may cause other havoc to your computer or steal data over time.
Other Related Phishing Articles
Environment
- Phishing can be sent via email, text message, or phone calls.