The Phishing Problem …

Contributed by Cathy Sowa, Information Security Associate, and Harlan Harris, Information Security Intern

Phishing emails are a common attack method used by senders with malicious intent to trick employees, students, alumni, and retirees into giving away sensitive information, such as login credentials, or downloading software that can cause harm to their computers and network.

Those who send phishing emails can use a variety of techniques to make the email seem legitimate. They may “recreate” the look of an email that might come from a legitimate site. For example, an email might claim to be from a bank, and the message recommends clicking a link to change your password. Images can be downloaded from legitimate sites and used to make an email look genuine. Phishing emails may include deceptive attachments such as an “invoice” that the message indicates is “overdue for payment.”

Phishing emails may even appear to come from someone you trust. Even though a message appears to come from a supervisor, colleague, or contact, that trusted person may not be the sender. A frequently used trick is to find the email addresses of faculty, staff, or students on an institution’s website and set up fake email accounts (e.g. Gmail, Yahoo) with the colleague’s real name in an attempt to manipulate your trust.

Spot the Signs of Phishing ‘Lures’:

  • Messages that contain threats to shut your account down
  • Requests for personal information such as passwords and account numbers
  • Subjects like “Urgent” or “Open Immediately”
  • Poor writing or bad grammar
  • Unusual requests such as a request to purchase $500 in gift cards

Some Tips to Avoid Phishing Attacks:

  • Hover your mouse over the name of the sender and check the email address. “Do you recognize the sender and the sender’s email address?”
  • Be suspicious if an email has a banner at the top of the message stating that the message was “Delivered From External Sender” BUT the email was sent from a VSU email address. It may be an illegitimate spoofed message. 
  • Be cautious even if you recognize the sender. Don’t click on links or open attachments unless you are expecting to receive emails with links or attachments from that sender. Instead, call the sender to ask if he or she sent the message.
  • Instead of clicking on links, open a new browser tab and manually type an address in the address bar. You can use this tip for any emails that you receive from organizations asking you to click email links.
  • Employees working in Information Technology at Valdosta State University will not contact you by email or phone to request that you reset your password or check your password. To reset your VSU password, search on the university home page for the password reset tool or contact the Solutions Center at 229-245-HELP (4357).
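For mail administrators, the two impersonation signs described above (a colleague's real name on a free-mail account, and an institutional From address on a message tagged as external) can be checked automatically. The sketch below is an added example, not part of the original article or any VSU tooling; the domain `example.edu`, the directory entry, the sample messages, and the assumption that the banner text appears in the message body are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# All values below are constructed for illustration.
ORG_DOMAIN = "example.edu"                   # placeholder institution domain
FREE_MAIL = {"gmail.com", "yahoo.com"}       # providers named in the article
BANNER = "delivered from external sender"    # banner text quoted in the tips
DIRECTORY = {"pat morgan": "pmorgan@example.edu"}  # real name -> official address

def _norm_name(name):
    """Lower-case, collapse spaces, and turn 'Last, First' into 'first last'."""
    if "," in name:
        last, first = name.split(",", 1)
        name = f"{first} {last}"
    return " ".join(name.lower().split())

def _body_text(msg):
    """Concatenate the decoded text parts of a single- or multi-part message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    return "\n".join(
        p.get_payload(decode=True).decode(errors="replace")
        for p in parts if p.get_content_maintype() == "text"
    )

def check_message(raw):
    """Return warning codes for one raw message (headers + body as a string)."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    warnings = []
    official = DIRECTORY.get(_norm_name(name))
    if official and addr != official:
        warnings.append("name-mismatch")       # colleague's name, different mailbox
        if domain in FREE_MAIL:
            warnings.append("free-mail")       # look-alike account on a free provider
    if domain == ORG_DOMAIN and BANNER in _body_text(msg).lower():
        warnings.append("external-banner-internal-from")  # arrived from outside
    return warnings

SPOOFED_NAME = ("From: \"Morgan, Pat\" <pat.morgan.office@gmail.com>\n"
                "Subject: Urgent\n\nAre you free? I need $500 in gift cards.\n")
SPOOFED_ADDR = ("From: Pat Morgan <pmorgan@example.edu>\nSubject: Password\n\n"
                "[Delivered From External Sender]\nPlease check your password.\n")
LEGIT = "From: Pat Morgan <pmorgan@example.edu>\nSubject: Agenda\n\nSee you at 3.\n"

if __name__ == "__main__":
    for label, raw in [("name", SPOOFED_NAME), ("addr", SPOOFED_ADDR), ("ok", LEGIT)]:
        print(label, check_message(raw))
```

A hit is a prompt to verify with the sender by phone, as the tips advise; people who share a name with a colleague will produce false positives.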

For further information, please refer to Information Security’s Phishing page.