Phishing scams are a form of social engineering attack where attackers pose as a reputable source, such as a trusted company, to deliver a fake email that looks and feels real. The fake email is designed to trick you into clicking a link or downloading an attachment so the attacker can steal your personal information or infect your computer. This information—such as usernames and passwords—can then be used to compromise an entire organization’s network. Scams also may be conducted via phone (vishing attacks) or text/SMS (smishing attacks).
Here are some steps you can take to avoid being the victim of a phishing attack.
Take the time to look for common indicators of phishing:
- Suspicious sender—Attackers frequently pose as a reputable source by faking a familiar email address. For example, an attacker might use something that includes a familiar organization’s name, such as firstname.lastname@example.org.
- Impersonal greeting or closing—Scam emails might have a generic salutation or signature, such as “Dear customer” or “Dear sir.”
- Sense of urgency—Attackers often include language to entice you to act immediately by clicking a link or downloading an attachment. For example, an attacker may pose as a financial institution and send a warning that your password must be changed immediately to continue to access your funds.
- Grammar and formatting—Scam emails may employ improper grammar, misspelled words, irregular punctuation and/or inconsistent formatting.
Review hyperlinks before clicking. Always hover over hyperlinks before clicking to see where you will be directed. Don’t click if the destination is not a known, trusted source.
Leverage multi-factor authentication (MFA). Most companies offer a form of MFA as part of the standard login procedure. For example, your bank may have you verify a code via text or email upon logging in.
Never provide sensitive information via email. If you are asked by a colleague or trusted source to provide sensitive information, always verify the request with them directly.
If you believe you’ve received a phishing email, please report the incident to VUIT.
- If you use Microsoft Outlook (Windows or Mac), select the Report Message option in the top toolbar and choose Phishing from the drop-down menu.
- If you don’t use Outlook or the button is not available, please send the phishing email (as an attachment) to email@example.com.
You also may call VUIT Support at 615-343-9999 or submit a help desk ticket at https://it.vanderbilt.edu to discuss any questions or report an attack.