What is Phishing?
Phishing is a form of social engineering that uses email or websites to pose as a trustworthy organization in order to access your data. Most commonly we see phishing attacks in email. Scammers or hackers will try and pose as an organization you trust in order to trick you into giving them sensitive data like a username, password, social security number or credit card information.
Special Alert – Student Phishing Scams
OIT has obtained reports of students receiving specialized phishing scams from hackers posing as employers, tutors and honor societies. In many of these instances, the email requests financial data such as a checking account and/or routing number. In other instances, the student may even receive a check in the mail from the hacker. If you receive a message like this, please notify UAPD. Do not ever provide credentials, passwords, or financial data over email, and if you receive a physical check, shred it and dispose of it. If you have any questions, contact the IT Service Desk.
How can I tell if an email is a phishing attempt?
When you get an email that just doesn’t feel right, follow the tips below to avoid becoming a victim of a phishing attack.
First, notice the email address.
If you are receiving an email from The University of Alabama, the from email address should be from @ua.edu, not @yahoo or @gmail. Similarly, if you receive an email from a private company, the email address should reflect the company. For example, if you receive a tracking notification email from UPS, the email should be from @ups.com.
Look at the URL of a website.
Phishy emails typically include a link. The scammers want you to click on this link to provide your sensitive data. Beware! Do not immediately click on the link. First, hover over a link to see where it is taking you before you go. If you do not recognize the URL, do not click on the link.
Watch for Poor Spelling and Grammar.
This used to be a go-to tip; however, scammers utilize specialized translation tools to better fool users. Remember that official UA emails are always spell-checked, and should be error-free.
Beware of Urgent or Threatening Language.
Do not trust emails that say “your account has been suspended” or “verify your information.” Scammers use language like this to get your attention. Students should also be aware of false job offers and internships.
Phishing can happen anywhere, to anybody.
When in doubt, give us a call 205-348-5555. We’re happy to answer any and all questions about phishing attempts.