Protect yourself from phishing and other fraud
Phishing is a type of cyber attack perpetrated by hackers through email. Phishing scams use emails that attempt to threaten or trick you into doing something—usually, the goal is to get the victim to reveal a password or other personal information or to download malware. Phishers may even attempt to steal your credit card and bank account numbers or your birthdate and Social Security number.
Phishing email scams work by trying to shock, threaten, or trick you into responding without thinking. Watch out for phrases like these:
- "Your email account will be canceled unless you click here."
- "Thank you for your payment of $2,374.27. Click here for more information."
- "We've noticed unusual activity on your account. Click here to verify it or access will be terminated."
- "To qualify for this special offer, reply to this email message with your email address, password, and date of birth."
All these phishing scams ask you to "verify" or "confirm" personal information by replying with the requested information or by going to a fake website that resembles a reputable one. For example, a phisher might create a fake Gmail, Facebook, or University Web page to trick people into "logging in" with their real username and password.
Providing personal information in a reply email or through a fake website puts your accounts—and even your identity—at risk. Hackers could use your account to steal money or place orders, and they could use your personal information to commit identity theft.
Some guidelines to remember:
- If you are unsure of the legitimacy of an email, contact the alleged sender using a published telephone number or website address to verify the message.
- Learn how to inspect links in an email before you click them. For example, if email allegedly came from the University, make sure the links go to a legitimate "udel.edu" website.
- Be cautious of messages containing a lot of typos and grammatical errors; those are often signs of a phishing scam.
- Be suspicious of any email that asks you to click a link to provide personal information.
- Avoid opening unsolicited or suspicious email attachments.
- NEVER send email containing your Social Security number, credit card numbers, online banking credentials, or passwords.
- NEVER provide personal information in reply to unsolicited email, text messages, social media, or other electronic communication—even if the messages appear to come from someone you know.
Tips for avoiding phishing scams
- Don't believe everything you read. Phishers use urgency and scare tactics to trick people into thinking their messages are real.
- Check links carefully. Hover your mouse over the link and check for misspellings or suspicious destinations.
- Don't open unexpected attachments. Phishers use infected attachments to run scripts, compromise your system, and steal your data.
- Never give up personal information. Legitimate organizations will never ask you to provide your personal information in a reply to an email.
- Go to the source. Verify the legitimacy of a message by contacting the alleged sender directly through a separate channel (such as over the phone or in person). If you're directed to a website to do something, make sure you're going to an official website.
- Check Secure UD Threat Alerts. The University posts alerts about phishing scams that are known to target members of the University community. If you receive a phishing scam that isn't listed on this blog, forward it to email@example.com.
Your responsibilities as a student
As a student at the University, you're responsible for protecting yourself, your information, and your devices as well as the University's IT resources as you use them.
- Use IT resources appropriately
- Take responsibility for your device's activity
- Protect and clean your computer
- Use strong and unique passwords
- Protect yourself from phishing and other fraud
- Understand copyright laws and file sharing
- Protect your online reputation
- Understand the consequences for violating the rules