We're here to help you identify phishing attempts and to protect your account information. You can always forward suspicious emails to OIT support if you're unsure about the legitimacy of a message. That said, there are also some telltale signs of email scams you can use to keep your personal information safe on the internet.
What is phishing?
Phishing is an attempt to get you to reveal logins, passwords, account numbers and other personal information through emails or instant messages that claim to be from a business or organization you interact with, like your bank, a credit card company or a government agency.
What is spear phishing?
Phishing attacks directed at specific individuals, roles or organizations are referred to as "spear phishing." Attackers often use publicly available institutional information to carry out these attacks. Often, these attacks will come from someone with a name that matches someone at an organization, like St. Edward's.
"Whaling," meanwhile, is a type of spear phishing attack in which the attacker attempts to mimic executive officers or other high-profile targets within a business.
One of the common spear phishing tactics features a sender stating they have an urgent request. If someone replies, the attacker will then request gift cards be purchased immediately.
Recognizing phishing attempts
Phishing attempts have been around for years, and you may have seen some targeted at the St. Edward's community. Often, you can recognize a phishing email by the following characteristics:
- It asks for a username and password. No one from St. Edward's will ever ask you to provide your password via email.
- The message usually says you need to "update" or "validate" your account information.
- It might threaten some dire consequence if you don't respond, such as losing your account if you don't verify your information.
- The "From" address is clearly bogus or is clearly not a St. Edward's address. Other times, though, the message may contain a "From" address that looks legitimate. Unfortunately, it can be easy to spoof a sender's address.
- The email itself may contain frequent spelling errors.
- The message directs you to a website that looks like a legitimate organization's site, but it's not. The purpose of the bogus site is to trick you into divulging your personal information so the phishers can steal it. If you hover your mouse over the web address (but don't click!), you can see the full URL, which is usually markedly different from the real company's web address.
- The message states that it's extremely urgent and the sender is requesting gift cards.
Never give your password out via email to anyone — not us, not your bank, not your credit card company. If you're suspicious of an email and it has a link to a site that asks you to enter your username and password, don't do it. Use the web address you know to access the site, not the link you received in the email. Many phishing attempts make use of company logos to make the site seem legitimate.
What happens when someone replies to a phishing attempt?
Once compromised, your email account can be used to send spam to thousands of people. When that happens, the St. Edward's email domain becomes suspected of being a source of spam, which can lead to all @stedwards.edu accounts being blocked by other email providers.
If you answer a phishing email sent to your St. Edward's email account, your account will be blocked. You will not be able to log in and check email until you reset your password.
Internet safety tips
- Be suspicious of email attachments from unknown sources.
- Always check the actual email address of the sender.
- If you suspect the message may not be authentic, don't use the links in an email to get to any webpage. Instead, call the company on the phone or log on to the website directly by typing in the web address in your browser.
- Verify that attachments have been sent by the author of the email. Newer viruses can send email messages that appear to be from people you know. This is known as "spoofing" a sender's address.
- Install all Microsoft security updates.
- Update your anti-virus protection weekly.
- Avoid financial transactions over email.