A Guide to Understanding Phishing

Image showing fish trying not to get hooked with text about not getting hooked,

What is Phishing?

Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card detail by masquerading as a trustworthy entity in an electronic communication.

  • Phishing emails may contain links to websites that are infected with malware
  • Phishing can come in more than one form: email, instant messages, pop-up, online postings, and telephone
  • Phishing requires YOUR HELP in order to succeed

If you have any suspicion or uncertainty, DON’T RESPOND BY CLICKING.  Just contact the sender of the email through your normal mode of communication.  This is always your best protection.  It’s that simple.  It’s your responsibility to protect your personal information.  

Why is Phishing Popular?

Phishing remains a major security threat to businesses and their customers around the world and the threat keeps rising.  It’s estimated that businesses suffer $2.1 to 3 billion from phishing related losses yearly.  Why is it popular, you ask?  Because:

  • It’s a very lucrative illegal business  
  • Phishing attacks are relatively easy to create and distribute, and
  • Phishing often works (for the criminal) 

How to Identify Phishing

Below are a few common characteristics often found in phishing messages:

Request for personal information - The telltale sign of a phishing message is the request for personal information, e.g. password, date of birth, address, name, account information… Legitimate institutions should never ask for your personal information via email.

Urgent/Threatening language - Many phishing emails convey treating language such as Your access will be revoked if you do not... or Your account will be terminated if you do not... is often used to invoke an immediate response.

Problematic URLs

  • The URL should match what you are expecting from the sender
  • The displayed URL should mirror the actual link -- On a non-touch device, hover over the link with your mouse and compare the URL link.
  • A legitimate URL should be secure. Never log into a website that's not secure -- look for https:// 

Poor grammar/misspellings - The largest propagators of phishing attacks are from countries where English is not their first language. Use this to your advantage by spotting poor grammar and misspellings as a red flag, but beware: some phishing emails have perfect grammar.

Subject matter not relevant to you - For example, if you don't bank at Regions, don't fall for a phishing message "from" Regions. If you have not recently ordered anything that would be shipped by FedEx, don’t fall for a message from FedEx.

Good Practices - Common Sense

Often, common sense goes a long way in protecting you and your data from phishing. Here are a few general rules:

  1. Don’t trust email that comes out of the blue or you are not expecting which requires you to reveal a password or other personal identifying information
  2. Don’t trust an unexpected email on its own authority – even if it LOOKS legitimate. If the email contains a link that takes you to a site asking for any password or other personal information, DON’T RESPOND BY CLICKING. 
  3. Remember, legitimate institutions should never ask for your personal information via email or a link to another site.  Instead, they will instruct you to use your normal means of accessing your personal data.   Be very wary of emails that do not follow that practice. 

Protecting Yourself from Phishing

Phishing is an act of masquerading as a legitimate business or entity to commandeer your personal information for someone else’s gain.  It’s your responsibility to protect your personal information.  DON’T RESPOND BY CLICKING.  Just contact the sender of the email through your normal mode of communication.  This is always your best protection.  It’s that simple. 

If you receive a suspicious email, please contact the Computer Center at suspiciousemail@southalabama.edu or (251) 460-6161.