What is Phishing?
Phishing is usually an attempt to deceive you into thinking a legitimate organization is requesting information from you. These requests for information may look innocent at first glance or may seem to come from a legitimate source, but do not. These scams request you reply to an email, respond to a request by phone, or follow a link to a web site.
Email phishing attempts often give clear indications that the request is not legitimate and we will show you some examples on this page. Links to web sites (sent to you through email) often take you to web pages that look very similar to the legitimate service the email is faking. Banks, E-bay, and online e-cash services like Paypal are common targets; however, phishing attempts are sometimes targeted against specific groups or lists of individuals and are called “spear phishing.”
What does a Phishing email look like?
Phishing emails often attempt to use emotional triggers to get you to react quickly without thinking through whether you should respond, such as dire language about time limits, loss of service, penalties, or language targeting a desire for money. They often have grammar, spelling, and syntax errors, and phrasing that a native speaker would not use.
An example would be an email with a generic greeting warning of a change in an account requiring you to verify your account information. These emails typically include directions to reply with private information, or provide a link to a web site to verify your account by providing personal information such as name, address, bank account numbers, Social Security numbers, or other sensitive personal information.
Indicators of a phishing email:
- Name and email address don’t match
- Attempt to prove legitimacy using words such as ‘Official’
- Uses a real organization or company name but incorrect email address
- Poor grammar
- Unsolicited requests for personal information are a clear danger signal
Will ASU send legitimate emails that look like phishing scams?
The short answer is NO. There will be times when legitimate messages must be sent to inform our email users of various issues. These may include password expiration notices, inactive account removal, or cases of account abuse. However, it is very important to remember that the ASU Information Technology department (to include the Technology Service Center) will never ask for your password in an email. If you are ever in doubt about the legitimacy of an email, call the Technology Service Center at 325-942-2911.
Why can’t ASU stop these emails?
ASU stops thousands of phishing attempts, spam emails, and virus infected messages every day, but the methods scammers use change very quickly. Due to the variety of use for ASU email, we must also be careful not to implement filtering which may block otherwise legitimate email.
How can I avoid phishing scams?
- Never send passwords, bank account numbers, or other private information in an email.
- Avoid clicking links in emails, especially any that are requesting private information.
- Be wary of any unexpected email attachments or links, even from people you know.
- Look for ‘https://’ and a lock icon in the address bar before entering any private information.
- Have an updated anti-virus program that can scan email.
What should I do if I have been scammed by phishing?
- Change your ASU login credentials
- Change your Banner INB password
- Set mobile devices to delete all data via Exchange and/or FindMyiPad.
- Change login and password for any personal accounts that share the same password such as:
- Online banking
- Personal email
- Online purchasing (Paypal, Amazon, eBay, etc.)
- iTunes account
- Social media (Facebook, Twitter, blogs, etc.)
- Online backup service or file sharing (Dropbox, Mozy, Carbonite, etc.)
- Contact the abuse or fraud department of the service being impersonated (eBay, Paypal, etc.)
- Call the Technology Service Center
- If you suspect a bank or credit card account may have been compromised, contact that institution to check your account immediately and request a credit report.
Visit the FTC web site for more information on Identity Theft.