Information Security Scam/Spam Advice
What is Phishing?
Phishing is a form of social engineering; hackers use deception to manipulate you into divulging confidential or personal information, and then use that information for fraudulent purposes. Phishing attacks usually come as email. Hackers pose as trustworthy people and organizations to trick you into giving them sensitive data like your username, password, social security number, or credit card information.
How can I tell if an email is a phishing attempt?
When you get an email that seems suspicious, follow these tips to avoid becoming a victim of phishing.
- Look at the URL of any link included in an email. Phishing emails typically include a link. Scammers want you to click this link to gain access gain to your computer or access to your sensitive data. Beware! Hover over any link to see where it is taking you before you click. If you do not recognize the URL, do not click the link.
- Watch for poor spelling and grammar. Scammers have become very sophisticated. Many now use specialized translation tools; improper grammar and spelling are no longer a giveaway. Remember that official SIU emails are always spell-checked, and should be error-free.
- Beware of urgent or threatening language. Do not trust emails that say “your account has been suspended” or “verify your information.” Scammers use language like this to get your attention. Students should also be aware of requests for financial aid documents, job offers, and email account information. If in doubt, call the University office responsible the request.
- Phishing can happen anywhere, to anybody. When in doubt, report scam email by forwarding the message to firstname.lastname@example.org or call SalukiTech at 618-453-5155.
What can I do to prevent spam?
The recommended procedure for "regular" annoying spam is to:
- Log into your Office 365 account.
- Find the spam message.
- Click the checkbox next to it.
- Right-click the message, and choose junk.
Managing spam this way helps Microsoft increase the accuracy of their spam filters. It also decreases the likelihood that similar messages will get through to others users in the future. Regular spam does not need to be reported to Information Security.