One way to catch a fish is to trick it with bait — phishing on the web works the same way.
Most phishing scams ask you to reply to a message and send your password. As an example, you may receive an email claiming to be from an official (but non-existent) entity, e.g., The Wayne Email Team, saying that the mail system is being upgraded and your account will be deleted unless you respond immediately and provide your password.
Another technique is an authentic-looking email with real organizations' logos, such as PayPal, eBay or even your banking institution. If you take the bait by clicking or replying to the message, you may have money stolen or even be a victim of identity theft.
Be careful about logging in on pages linked from emails, too — phishers can make pages that look very similar to authentic login pages designed to steal your account information. Type in the web address yourself to be sure you are on the right page.
What to do if you receive a phishing email
- Do not reply: Never reply to an email message requesting a passworde, username, account number or personal/financial informartion, no matter how legitimate the message may seem or who appears to have sent it.
- Delete the message: Viewing it typically does not harm your computer; the damage comes from replying to it and providing a stranger with your personal information or information about Wayne State computer accounts.
- Report suspicious emails: Follow these instructions to notify our Information Security Office of malicious messages.
- Report it: If you did replt to a phishing message and provided personal and/or account information, contact the C&IT Help Desk.
Remember: Wayne State University will never ask for your password or other personal information via email.