Cybersecurity Awareness Month: Protect yourself from phishing

Media Inquiries

615-322-6397 Email

Latest Stories

Vanderbilt welcomes new executive director of Advanced Computing Center for Research and Education
WATCH: The Wond’ry builds a climate-positive future with Climate Innovation Accelerator
WATCH: Class of 2024 students build belonging in personal ways

Oct 28, 2020, 8:44 AM

October is National Cybersecurity Awareness Month, and Vanderbilt University Information Technology is sharing tips for staying safe and secure online. This article focuses on protecting yourself from phishing.

Since the creation of email, scammers have used phishing attacks to trick victims into revealing sensitive information. Phishing is when an attacker sends an email that looks and feels real but is actually designed to trick you into clicking a link or downloading an attachment to steal personal information or infect computers. In short, phishing is any email with malicious intent.

Attackers use phishing emails to steal the following:

In the early days of phishing, attackers would send very simple and direct email messages to trick users into replying with sensitive information or handing over money. While these direct email messages are still very much a tactic used today, many attackers now choose to use more sophisticated methods of phishing. Modern phishing campaigns typically include any or all of the following:

In addition to new tactics, the focus of many modern phishing campaigns also has grown to include new, more targeted attacks. Attackers have started building sophisticated campaigns that directly target specific individuals.

Spear phishing – a phishing campaign that is personalized to directly target a specific person.
Whaling – a phishing campaign that targets a group of high-profile individuals in a company.
Clone phishing – a phishing campaign where attackers make a copy of a legitimate email and send out an almost identical or “cloned” version that contains malicious links or attachments.
Vishing – a phishing campaign where attackers use phone calls or leave voice messages to trick recipients into revealing sensitive information.
Smishing – a phishing campaign where attackers use text messages to trick recipients into revealing sensitive information.

If I spot a phish, what can I do about it?

If you spot a phishing email, you can report it to VUIT Information Security by one of two methods:

Using the Outlook email client, you can use the “Report Message” button and select phishing.
If you are not using Outlook or the button is not available, you can forward the phishing email (as an attachment) to phishing@vanderbilt.edu.

What do I do if I clicked on (or entered credentials into) a phishing email?

Reset VU and personal passwords. You can find help for this on VUIT’s Identity Management webpage.
Contact VUIT Support for an anti-virus scan by calling 615-343-9999 or submitting a help request at help.it.vanderbilt.edu.

Cybersecurity Awareness Month: Protect yourself from phishing

Media Inquiries

Latest Stories

Share

If I spot a phish, what can I do about it?

What do I do if I clicked on (or entered credentials into) a phishing email?

Explore Story Topics