Phishing is when cyber criminals send official-looking emails attempting to fool you into disclosing sensitive information — such as usernames, passwords, banking account numbers, or social security numbers — or infecting your device with malware. They often try to gain your trust by pretending to be a trusted individual or from a legitimate organization, including the UNIT Service Desk.
It's important to understand the threat of phishing to you as an individual and to Villanova as an organization. A successful phishing campaign can lead to identity theft, financial loss, and put university data and systems at risk.
Report the Phish
All Villanova University students, faculty, and staff members who a receive suspicious e-mail should report it immediately to by using the Report Phish Button in Outlook. Even if you are not sure, it is better to have the message checked first.
In addition, just because you may easily identify a phishing attempt, you should still report the message rather than deleting it. What might be obvious to you may not be to another individual, and reporting the phish will allow UNIT to remove it from all other Villanova email inboxes before someone else takes the bait.
Remember: If you see something suspicious, report it!
Common Signs of a Phishing Email
Cyber criminals often tell a story to trick you into replying, clicking on a link, or opening an attachment. Here are some of the common signs that the message is a phishing attempt, even if they attempt to look legitimate.
- Unsolicited requests for personal information like Social Security numbers, bank account details or passwords.
- Promised prizes or offers that seem too good to be true, like a guaranteed high return on investment or access to hidden information.
- Urgent language to get you to act quickly without thinking ("Prevent your account from deactivation").
- Threatening language to scare you into doing what they say ("Failure to act may result in a fine or legal action").
- Unusual payment method requests like gift cards, prepaid debit cards, cryptocurrency, wire or money transfer, or mailing cash.
In addition to the signs above, consider the following questions when evaluating an email as a phishing attempt.
- Do you recognize this sender? Have you communicated with them before?
- Is someone using a non-Villanova email address to contact you about work-related matters?
- Is the reply-to address is different than the sender address?
- Is the tone or topic of this email usual for how the sender would normally communicate with you?
- Does the message use vague language like "Valued Customer" or "Client"?
Tips to Avoid Phishing Scams
- Never share personal or financial details with someone you don’t know or trust, especially via email.
- Be skeptical of unsolicited outreach and never use contact information provided in suspicious emails.
- Resist the pressure to act immediately. Think before you click, respond or open attachments.
- Verify a link is legitimate by hovering your cursor over the link to see where it leads.
- Pay attention to inconsistencies in outreach like poor spelling and grammar, or an [EXTERNAL] tag on an internal email.
- If you're still tempted to respond, reach out using information found on an official website or previous legitimate communications.
Additional Resources