What is phishing?
Phishing uses legitimate-looking email or fraudulent websites to encourage you to give up your personal data or information, such as your social security number, credit card numbers, or passwords. It is an attempt to acquire sensitive information about you and could lead to identity theft. Phishing is typically done by email, but can also be done by phone (vishing) or text messaging (smishing).
It is important to keep in mind that reputable organizations do not normally contact their customers asking for personal information.
Typically, the phisher sends an email message to a large group of individuals whose addresses he has captured from address books and websites across the internet. The message, usually well-crafted and official-looking, may claim to be from a financial institution, a service provider, or any other organization known by the recipient. It may offer a benefit, such as "click here for more free hard drive space" or offer other enticements. Many messages include threats like, "failure to comply will result in canceling your account," or "if you don't confirm your information, your email won't work." The email message asks the recipient to confirm or provide some personal information. Often, the recipient is asked to provide the information by clicking a website link in the email. But while the link to the website may look legitimate, the link that is displayed is not necessarily the actual site you visit when you click on it.
The link that appears to be to your bank's homepage can actually point to a different site that is designed to look exactly like the official website with spaces for you to enter whatever pieces of personal information they are hoping you'll provide, such as your password, credit card number, PIN, social security number, or date of birth. When you click the "submit" button, all the personal information that you entered is now sent to individuals who can use that information to make purchases, open new credit accounts, or take out loans - all in your name.
What you can do about phishing, vishing, and smishing
- If you receive an email, phone call (vishing), or text (smishing) asking you to provide personal information, such as your social security number, password, or account numbers, do not respond.
- If you receive a request that appears to be from a friend but seems out of context, contact that person and ask if they sent it.
- Before you click on a link, hover your cursor over it to see where it really goes, and make this skeptical hover a habit. When you put your cursor over a link without clicking, your web browser will display (usually at the bottom of the screen) the actual address that the link will go to.
- Type addresses directly into your browser instead of clicking on a link.
- Don't enter personal or financial information into pop-up windows.
- Keep your computer software current with the latest security updates.
Links and attachments
Always be a bit suspicious of the messages that you receive, especially those that include attachments or links. The sender's name can be forged, so it's not good enough to just know the sender. Call the sender of the message if you are unsure. Ask yourself if the content of the message is written the way you expect the sender to write. And even if the source looks legitimate, avoid clicking any attachment or link contained within the message unless you know what it is and why you received it.
Receive a suspicious message?
Visit The Phish Bowl to view the latest phishing alerts and/or to report phishing.
What is the difference between spam & phishing?
Spam is the sending of unsolicited mailings for marketing or other exploitive purposes. Unlike phishers, spammers do not attempt to collect personal information.
Ways to reduce spam include:
- Never replying to the message and ignoring email addresses or Web URLs provided.
- Hiding your email address from online profiles.
- Using email filters if your mail program provides them. If you need assistance, please contact the Service Desk at 609-258-HELP or [email protected].
Other kinds of phishing
- Vishing: Scammers sometimes use phone calls or voice messages to impersonate legitimate businesses and try to trick you into giving them personal information or money. The calls can be made by people or done by robocalls. Phone numbers are sometimes spoofed in an effort to mislead you.
- Smishing: Scammers send phishing messages through text messages or messaging apps. Similar to phishing emails, you are often asked to click a link. The link may take you to a fraudulent login page in hopes of collecting your username and password or direct you to a malicious site that infects your device.