Phishing: Don't Get Hooked!


Phishing (pronounced “fishing”) is a form of fraud in which an attacker tries to learn private information (such as login credentials or credit card information) by masquerading as a reputable entity or person (usually via email, phone call, or text message).

Legitimate companies will never ask you to provide sensitive information via email, and many will address you by your name (instead of "Dear Customer"). Take a look at where the message is from (sender), hover over links in the message (URLs), and verify the information. If the URL looks suspicious, it's probably a phishing attempt. Also, pay attention to formatting, misspellings, and grammar. Last but not least, never open an attachment that is unexpected, out of context, or has a file type that seems out of place.


Follow the tips below when working or learning remotely:
  • Don't reply to emails, texts, or pop-up messages that ask for your personal or financial information. Legitimate companies will never request sensitive information via email, and most banks in the US will tell you that they won’t ask for your information unless you’re the one contacting them.
  • Never use links in an email to connect to a website unless you are absolutely sure they are authentic. Instead, open a new browser window and type the URL directly into the address bar.
  • Ensure that you have antivirus software installed and that it is up to date. Antivirus software protects your devices from malicious software that can infect them.
  • Often a phishing website will look identical to the original. Look at the address bar to make sure you are accessing the correct website. Never enter your personal information in a pop-up screen or a login page with a suspicious link in the address bar. Criminals have access to tools that replicate legitimate company sites.
  • Don't get pressured into providing sensitive information. Phishers like to use scare tactics, and may threaten to disable an account or delay services until you update certain information. Be sure to contact the merchant directly to confirm the authenticity of their request.
  • Watch out for generic-looking requests for information. Fraudulent emails are often not personalized, while authentic emails from your bank often reference an account you have with them. Many phishing emails begin with "Dear Sir/Madam," and some come from a bank with which you don’t even have an account.
  • Never open email attachments or submit confidential information via forms embedded within suspicious email messages. Senders are often able to track all information entered.

If you suspect a message to be a phishing attempt, you can quickly report it using Outlook's "Report Message" feature. If you are not using Outlook or the feature is not available, you can forward the phishing email (as an attachment) to phish@miami.edu.

If you are a victim of phishing, e.g., you clicked a link and/or downloaded an attachment from a suspicious source, please contact the UMIT Service Desk at (305) 284-6565 or help@miami.edu, as well as the Information Security Office (ISO) at infosec@miami.edu.




Have questions? We're here to help!

If you have questions about cybersecurity, or if you want to learn more about how to stay safe online, contact the Information Security Office (ISO) at: infosec@miami.edu
