Phishing (pronounced: fishing) is an attack that attempts to steal your money, or your identity, by getting you to reveal personal information -- such as credit card numbers, bank information, or passwords -- on websites that pretend to be legitimate. Cybercriminals typically pretend to be reputable companies, friends, or acquaintances in a fake message, which contains a link to a phishing website or attempt to obtain your personal, financial, or contact information as part of a larger scam.
What is phishing?
Phishing is a popular form of cybercrime because of how effective it is. Cybercriminals have been successful using emails, text messages, and direct messages on social media or in video games, to get people to respond with their personal information. The best defense is awareness and knowing what to look for.
Here are some ways to recognize a phishing email:
-
Urgent call to action or threats - Be suspicious of emails and Teams messages that claim you must click, call, or open an attachment immediately. Often, they'll claim you have to act now to claim a reward or avoid a penalty. Creating a false sense of urgency is a common trick of phishing attacks and scams. They do that so that you won't think about it too much or consult with a trusted advisor who may warn you.
Tip: Whenever you see a message calling for immediate action take a moment, pause, and look carefully at the message. Are you sure it's real? Slow down and be safe.
-
First time, infrequent senders, or senders marked [External] - While it's not unusual to receive an email or Teams message from someone for the first time, especially if they are outside Valencia College, this can be a sign of phishing. Slow down and take extra care at these times. When you get an email or a Teams message from somebody you don't recognize, or that Outlook or Teams identifies as a new sender, take a moment to examine it extra carefully using some of the measures below. Valencia College's OIT department adds a banner, as shown below, on messages that originate from an external sender.
-
Spelling and bad grammar - Professional companies and organizations usually have an editorial and writing staff to make sure customers get high-quality, professional content. If an email message has obvious spelling or grammatical errors, it might be a scam. These errors are sometimes the result of awkward translation from a foreign language, and sometimes they're deliberate in an attempt to evade filters that try to block these attacks.
-
Generic greetings - An organization that works with you should know your name and these days it's easy to personalize an email. If the email starts with a generic "Dear sir or madam" that's a warning sign that it might not really be from Valencia College, your bank or shopping site.
-
Mismatched email domains - If the email claims to be from a reputable company, like Microsoft, your bank or the college, but the email is being sent from another email domain like Gmail.com, or microsoftsupport.ru it's probably a scam. Also be watchful for very subtle misspellings of the legitimate domain name. Like micros0ft.com where the second "o" has been replaced by a 0, or rnicrosoft.com, where the "m" has been replaced by an "r" and a "n". These are common tricks of scammers. Also, emails from @mail.valenciacollege.edu are sent from student accounts, not from college faculty or staff.
-
Suspicious links or unexpected attachments - If you suspect that an email message, or a message in Teams is a scam, don't open any links or attachments that you see. Instead, hover your mouse over, but don't click the link. Look at the address that pops up when you hover over the link. Ask yourself if that address matches the link that was typed in the message. In the following example, resting the mouse over the link reveals the real web address in the box with the yellow background. The string of numbers looks nothing like the company's web address.
If you get a phishing email
-
Never click any links or attachments in suspicious emails or Teams messages. If you receive a suspicious message from an organization and worry the message could be legitimate, go to your web browser and open a new tab. Then go to the organization's website from your own saved favorite, or via a web search. Talk to them using official numbers or emails from their site. Call the organization using a phone number listed on the back of a membership card, printed on a bill or statement, or that you find on the organization's official website.
-
If the suspicious message appears to come from a person you know, contact that person via another means like by text message or a phone call to confirm it.
-
Report the message (see below).
-
Delete it.
How to report a phishing scam
When using the Outlook desktop or web app:
In Outlook on the web or on your desktop, select one or more messages, select Report, and then select Report phishing or Report junk in the dropdown list.
When using the Outlook desktop app:
In Outlook on the your desktop, select one or more messages, select Report Message, and then select Phishing or Junk in the dropdown list.
When using the Outlook app on iOS:
In Outlook for iOS, select the message and click on the three dots (...) on the top, click on Report Junk, and then select Report phishing or Report junk.
When using the Outlook app on Android:
In Outlook for Android, select the message and click on the three vertical dots on the top, click on Report Junk, and then select Report phishing or Report junk.
