Be aware of the threat
In order to protect yourself, our community, and our University from the threat posed by phishing attacks, you need to understand what we're up against. Knowing what phishing is and how hackers use it is important to keeping your data, your devices, and even your identity safe from misuse.
Learn more below:
What is phishing?
Phishing is an increasingly common and dangerous cyberattack perpetrated using email. Hackers and scammers, often pretending to represent familiar organizations like the IRS or a bank, send out emails that contain links to malicious sites or malware-infected attachments. Their intent is to trick unsuspecting people into surrendering their personal information or even control of their devices.
Phishing works—and is becoming increasingly common—because hackers realize it's easier to trick people than it is to trick machines. Phishing attacks depend on social engineering: the use of deception or trickery to manipulate people into doing certain things. Hackers play on a number of known human tendencies in order to manipulate their victims. These tendencies include:
- Our desire to help people in need
- Our desire to be liked or to fit in
- Our trust in people and things we recognize
- Our sense of obligation to return a favor or comply with a rule
- Our respect for authority figures
- Our fear of consequences or punishment for noncompliance
By exploiting these tendencies to craft a phishing email, hackers are hoping to gain your trust, intimidate you into cooperating, or rush you into doing something before you can realize something is wrong. Be aware of these tricks and try to identify the warning signs of phishing attacks. Your vigilance could save you from identity theft, save your devices and accounts from being compromised, or save the University from a security breach.
Spear phishing is a targeted form of phishing that aims to trick members of a particular organization. Spear phishing emails typically include names, logos, and other information relevant to the organization being impersonated in order to establish an appearance of legitimacy. For example, a spear phishing email targeting a bank employee might claim to come from a regional vice president and include the bank's logo and contact information in the signature.
SMiShing, or SMS-based phishing, is a form of phishing attack that uses SMS or text messages instead of emails. These types of attacks generally mimic text notifications or offers from companies you might know. They might also invite you to download malicious apps or grant access to your device's data. SMiShing can be particularly dangerous because many mobile devices are not as well protected as computers, yet they contain a wealth of personal information.
Vishing, or voice-based phishing, uses telephone calls instead of emails. In a vishing scam, attackers rely on victims to trust the person on the other end of the line. They often pose as technical support companies, the IRS, or other organizations in order to get you to divulge personal information.
Social Media Phishing
Social media-based phishing uses messages sent via social media instead of emails. In this type of scam, attackers may send a malicious link or an attachment containing malware through an account on a social media platform such as Facebook, Twitter, LinkedIn or Instagram. They often pose as someone you may know or a familiar company in order to get you to divulge personal information.
What's the danger to me?
In the most basic terms, a phishing attack seeks to exploit you—or others—in order to steal your data or compromise your devices. Falling for a phishing attack could lead to hackers stealing your login information, stealing your personal data or University information, or taking control of your device. Hackers could also compromise other accounts that use your email.
Phishing is becoming more and more prevalent, and anyone can receive phishing emails. Although hackers do sometimes try harder to phish management and executives, phishing attacks can affect anyone. Hackers can exploit any compromised account or device to gain access to data or the network.
Even if you think you don't have anything worth a cyber criminal's time, you are still a target, and you have a responsibility to protect yourself, our community, and our University from harm.
How can I learn more?
The University provides several resources about phishing attacks and how to respond to them to protect yourself, our community, and our University.
- Secure UD Threat Alerts
The Secure UD Threat Alerts blog highlights cyber threats currently facing the University community. It includes annotated copies of phishing attacks reported by students, staff, faculty, and others.
- Secure UD Training
Secure UD Training helps employees educate themselves about good cyber hygiene, including best practices for identifying and reporting phishing attacks.