What is Phishing?
Phishing is a method of trying to get a person to reveal sensitive information, such as passwords or credit card numbers. There are a number of slightly different methods: saying there was an account problem and a password is needed to fix it (NEVER give out your password. Not to VSC IT, not to any company. They don’t need it. If someone asks for your password, they are phishing.) or sending a link to a legitimate-looking website that will save the information you put into it. You can even be phished over the phone. Often times, especially in e-mail, they will use scare tactics to get you to act without considering the legitimacy of the e-mails. For example, a phishing e-mail may say it is from your bank and that if you do not provide information, your account will be closed immediately.
What do I do if I am Phished?
If you suspect you received a phishing email, please forward the email to cybersecurity@vsc.edu, and we will investigate the email and content for you
If the phished account wasn’t your VSC account, you should keep the following steps in mind. If you gave out your password, find any website that you used that password on and change it, especially if you use the same username. If you gave out your credit card number, call your bank and have your account closed immediately.
How do I avoid being Phished?
There are a lot of ways to help avoid being phished. The best way is to know what you’re looking for and be very careful with your information.
- Never give out your password. All legitimate sites have a system in place that allows you to reset your password if it is lost. This is because businesses run websites, and you can’t always trust your employees to be completely honest. Thus, there are always systems in place to help you keep your password a secret.
- Avoid clicking links in e-mails. Instead, you should copy it and paste it into your address bar. For example, you may see something like this: http://support.ccv.edu/index.php/webservices, and if you do, you should place the mouse pointer over the link without clicking it and look in the bottom left of your browser. Sometimes, like with that link, it is not what it appears to be.
- Most of the time, if a company is sending you an e-mail, they will refer to you either by your username, or the name you input when you signed up. beware of generic “Dear Customer” e-mails.
- If you get an e-mail asking for sensitive information, call the company and ask about it.
- If you get a call from an unidentified number, go to google or some other search website and look for that phone number. There are websites that allow users who got calls from said numbers to write about their experience.
- Be aware that website designs can be easily copied. You can right click any website and select “view page source” and put that on another website. You can also right click and save any images, then upload them elsewhere, or even simply link them. Just because a site looks the same doesn’t mean it is.
- Check the address bar. You should be aware that ebay.com and ebaycorner.com are not affiliated simply because the second has ebay in its name. You should also be aware of items that look similar but aren’t, such as paypa1.com, where the letter l is replaced with the number one.