If there is just one message that you can take away from this complicated topic, it is this: Phishing is bad. Phishing steals identities. Phishing wrecks lives.
What is Phishing?
Phishing is a technological attempt to steal your personal information, usually through email. Sometimes, the message simply asks you to provide your personal information through some ruse. A phishing email might also contain attachments that, when opened, install malicious software on your computer.
Spear Phishing is a special attempt to gain unauthorized access to confidential data by targeting a specific organization or person. A spear phishing email appears to be from someone or some company that you know. The spear phisher is familiar with your name, email and knows a little about you usually through social media, using that to win your confidence and cooperation.
What are the negative effects of phishing?
Notre Dame has done a good job of summarizing the many personal and institutional risks. For further reading simply google the effects of phishing scams.
How can I protect myself?
Learn how to recognize a phish. Phishing emails usually appear to come from a well-known organization and ask for your personal information. Either directly in the email body, or linking out to another website, a phishing email could be asking for your username, password, credit card number, social security number, and much more.
Think you can spot a phish?
Take a quiz below! Can you tell the difference between a legitimate email and a phishing scam?
Kenyon will NEVER ask you for any login credentials, especially not passwords!
Things to look for:
- Requested personal information
- Generic greetings or company spoofing
- Dear Bank User, From Bank - Main Branch
- Dear Facebook User, From Facebook Research Team
- Dear Kenyon Employee, From Kenyon IT Department
- Bad email addresses
- Always mouse over the from address to make sure it is legitimate
- Forged Links
- Always mouse over any link in the email to see if the address matches the link that was typed in the message
- Look to see if the link starts with an https and not http
- Do not click on the link if you are unsure
- Oddly named attachments
- Do not download if you are unsure
- Sense of urgency or threats
- Within 48 hours… or your account will be locked
- Bad Spelling
- Poor formatting
Want to learn more?
Read about phishing in the news. Further protect yourself by considering Two Factor Authentication (2FA). See this page for additional information. If you have any questions about phishing or 2-step verification, please visit us at the Helpline in the Chalmers Library.