Phishing is a form of social engineering. Phishing scams appear to originate from a trusted source to trick a user into entering valid credentials or attempt to lure you into revealing your username, password and other personal identifying information (PII)
The attacker can then use this information to access your accounts, gather additional private information about you, and make purchases or apply for credit in your name.
Other Types of Phishing
When people refer to phishing, they are most commonly referring to phishing attempts that come over email, however there are a few other types of phishing:
- Spear - phishing - Attempts made to target and email specific people and organizations. The hackers and spammers attempt to learn information about you so that when they send you an email, it seems as if it comes from somebody you know, whether it be a friend or familiar business. Spear phishing attempts are often much harder to detect because it is often addressed directly to you, seems to come from a trusted person, and can often bypass traditional security defenses.
- Smishing - Phishing attempts that come over SMS (text) messaging. Cell phone users receive a text that usually contains a link or phone number which will then attempt to get personal information from you. Criminals may even send these pretending to be a bank or cell phone carrier.
- Vishing - Phishing attempts that come over phone calls pretending to be calling from the government, tax department, police, or the victim’s bank.
- Move your mouse over links in emails and it may show a different address than the one displayed.
- Go to links yourself, rather than clicking on links in emails
- Don't respond to emails that appear to be official, but come from un-official email addresses.
- Check for slight mispellings - in the URL, company name, etc. For example, paypa1.com instead of paypal.com
- Use additional software - Many browsers have add-ons/extensions/plug-ins that can help detect phishing sites.
- Be wary of anything that gives a sense of urgency, or states that it requires immediate action
- Don't click anywhere in suspicious e-mails—even in what may appear to be white space.
- Be wary of too-good-to-be-true offers such as free airline tickets or vacation
- Don’t open attachments in unexpected or suspicious e-mails or instant messages.
- Don’t send passwords, bank account numbers, or other private information in an email.
Note that KSU does not delete @kent.edu accounts and will NEVER ask for your password through e-mail
Have I Been the Victim of a Phishing Scam?
Often times victims of phishing scams receive several undeliverable messages, or there will be unfamiliar emails in your sent box. Other times, your signature will be changed or forwards will be set up. Learn how to check for changed signatures and forwards.
If you believe that you have been the victim of a phishing scam, change your password immediately and report it to Phish@kent.edu. Also, don't forget to check out this website for tips on how to keep your accounts safe. To read more about phishing, visit Phish Talk website for more content.