It’s more common than you think. You receive a suspicious email from what appears to be your bank, employer or another trusted source. The message contains a link and asks you to follow it, and login with your username and password. These suspicious messages can lead to identity theft and more. They’re called Phishing Scams and they’re a very real threat.
Phishing scams typically come in the form of email, but they can also show up in social media and telephone calls or text messages. As an everyday user of modern technology, it is important that you take actions to protect yourself and those around you.
“The best thing people can do is be paranoid,” said Information Security Officer for Wayne State University Computing and Information Technology, Kevin Hayes.
In this case, being paranoid is the equivalent of being prepared. Consumers of technology should wary of these messages and use that suspicion to prevent possible breaches in security.
“To address this paranoia, make sure to hover over links in email messages to see where the link will actually take you,” Hayes said. “Delete any messages you don’t feel comfortable with.”
How to be prepared
You are a phishing target at school, work and home. Ultimately, you are the most effective way to detect and stop phishing scams. Be on the look out for the following indicators to prevent stolen information:
- Beware sketchy messages: Phishy messages may include a formal salutation, overly-friendly tone, grammatical errors, urgent requests or gimmicks.
- Avoid opening links and attachments: Even if you know the sender, don't click on links that could direct you to a bad website. And do not open attachments unless you are expecting a file from someone.
- Verify the source: Check the sender's email address to make sure it's legitimate. If in doubt, just delete the message.
- Know your URL's: Don't be fooled by fake login pages. Phishing emails commonly include a link to a login page that looks like a WSU login page, but careful examinatiion of the website address shows that it is not authentic (here is an example). Always use login.wayne.edu to access services like Academica, Wayne Connect, Blackboard and more.
How to react
Wayne State University staff and faculty will never ask you for your password or other private information via email. Follow the steps below if you believe you have received a phishing email:
- Do not reply: Never reply to an email message requesting a password, user name, account number or personal/financial information, no matter how legitimate the message may seem or who appears to have sent it.
- Delete the message: Viewing it typically does not harm your computer; the damage comes from replying to it and providing a stranger with your personal information or information about WSU computer accounts.
- Report suspicious emails: Follow these instructions to notify our Information Security Office of malicious messages.
- Get Help: If you did reply to the phishing message and provided personal or account information, contact the C&IT Help Desk.