
Phishing

What is Phishing?

Phishing is a form of social engineering. Phishing attacks use email or malicious websites to solicit personal information by posing as a trustworthy organization. For example, an attacker may send email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts.

Phishing attacks may also appear to come from other types of organizations, such as charities. Attackers often take advantage of current events and certain times of the year, such as

  • natural disasters 
  • epidemics and health scares 
  • economic concerns 
  • major political elections 
  • holidays

What information are they after?

E-mail spoofers are commonly trying to get the following information:

  • passwords
  • PIN numbers 
  • credit card numbers 
  • CCV codes (the 3-5 digits on the back of the credit cards)
  • ATM/debit or credit card information
  • social security numbers
  • banking information (account number, routing number)

Tips to Protect Yourself Against Phishing Scams


Never provide any of this information via e-mail!

Things to know and remember when opening ANY e-mail that is asking you to provide information:

  • No reputable organization will ever ask you for confidential information via e-mail.
  • Never respond to an e-mail from a source you are not 100 percent sure of. When in doubt, call them.
  • Never be afraid to call the company. If they want your information, they should be able to take it over the phone.
  • Always check the authenticity of a Web site before you provide any of your personal information.
  • Never click on a link in a suspicious e-mail because it may take you to a malicious site. Open a new browser window and type in the link manually.
  • Phishing e-mails often convey a sense of urgency ("Your account will be closed if you don't..." etc.). They may also contain strange words, misspelled words, or unusual or awkward phrasing to help them avoid spam-filtering software.

What can you do?

  • Stay aware of any breaches that have happened recently
  • Follow best security practices (http://security.vpit.txstate.edu/awareness/best_practices.html) and keep others aware of security practices
  • Change your password every 6 months, or at least once a year
  • Always use a different password for every account you own (consider using a password manager to achieve this)
  • Report any phishing emails received at your txst email address to abuse@txstate.edu
  • Report any phishing emails received at your personal email address to the provider of that address (Google, Yahoo, Hotmail)

To keep from becoming a phishing victim, follow the advice given by the Anti-Phishing Working Group. More anti-phishing resources are available on our related links page.

Valid Sources that are Frequently Spoofed

Phishing attacks hijack the brand of established organizations. The user believes they are ordering legitimate products, applying for a legitimate mortgage, retrieving electronic greeting cards or conducting some other real business transaction. Here are some of the most commonly spoofed brands and links to their phishing information pages:

Financial

Others

  • your employer
  • help desk personnel
  • IT organization
  • vishing (phishing via phone)