Email: What is Phishing?

Phishing is when cyber criminals send official-looking emails attempting to fool you into disclosing sensitive information — such as usernames, passwords, banking account numbers, or social security numbers — or infecting your device with malware. They often try to gain your trust by pretending to be a trusted individual or from a legitimate organization, including Technology Services.

Although cyber criminals are becoming more sophisticated in their scams, recognizing and reporting a phish is a skill that everyone at Villanova can learn to protect yourself, protect your peers, and protect the University. 

Common Signs of a Phishing Email

Cyber criminals often tell a story to trick you into replying, clicking on a link, or opening an attachment. This is most effective when you are multi-taking with your guard down. That's why it's important to take a pause and assess the emails in your inbox before acting.

Here are some of the common signs that the message is a phishing attempt, even if it looks legitimate.

• Unsolicited requests for personal information like Social Security numbers, bank account details or passwords.
• Promised prizes or offers that seem too good to be true, like a guaranteed high return on investment or access to hidden information.
• Urgent language to get you to act quickly without thinking ("Prevent your account from deactivation").
• Threatening language to scare you into doing what they say ("Failure to act may result in a fine or legal action").
• Unusual payment method requests like gift cards, prepaid debit cards, cryptocurrency, wire or money transfer, or mailing cash.
   

Tips to Avoid Phishing Scams

• Never share personal or financial details with someone you don’t know or trust, especially via email.
• Be skeptical of unsolicited outreach and never use contact information provided in suspicious emails.
• Resist the pressure to act immediately. Think before you click, respond or open attachments.
• Verify a link is legitimate by hovering your cursor over the link to see where it leads.
• Pay attention to inconsistencies in outreach like poor spelling and grammar, or an [EXTERNAL] tag on an internal email.
• If you're still tempted to respond, reach out using information found on an official website or previous legitimate communications.

Report the Phish

If you see something suspicious, report it using the Report button in Outlook. Even if you are not sure, it is better to have the message checked first.

In addition, just because you may easily identify a phishing attempt, you should still report the message rather than deleting it. What might be obvious to you may not be to another individual, and reporting the phish will allow Technology Services to remove it from all other Villanova email inboxes before someone else takes the bait.