What is Phishing?

Phishing is a form of social engineering that uses email or websites to pose as a trustworthy organization in order to access your data. Most commonly we see phishing attacks in email. Scammers or hackers will try and pose as an organization you trust in order to trick you into giving them sensitive data like a username, password, social security number or credit card information.

How can I tell if an email is a phishing attempt?

When you get an email that just doesn’t feel right, follow the tips below to avoid becoming a victim of a phishing attack.

First, notice the email address.

If you are receiving an email from The University of Alabama, the from email address should be from @ua.edu, not @yahoo or @gmail. Similarly, if you receive an email from a private company, the email address should reflect the company. For example, if you receive a tracking notification email from UPS, the email should be from @ups.com.

Look at the URL of a website.

Phishy emails typically include a link. The scammers want you to click on this link to provide your sensitive data. Beware! Do not immediately click on the link. First, hover over a link to see where it is taking you before you go. If you do not recognize the URL, do not click on the link.

Watch for Poor Spelling and Grammar.

This used to be a go-to tip; however, scammers utilize specialized translation tools to better fool users. Remember that official UA emails are always spell-checked, and should be error-free.

Beware of Urgent or Threatening Language.

Do not trust emails that say “your account has been suspended” or “verify your information.” Scammers use language like this to get your attention. Students should also be aware of false job offers and internships.

Phishing can happen anywhere, to anybody.

When in doubt, give us a call 205-348-5555. We’re happy to answer any and all questions about phishing attempts.