What is Phishing?

Phishing is usually an attempt to deceive you into thinking a legitimate organization is requesting information from you. These requests for information may look innocent at first glance or may seem to come from a legitimate source, but do not. These scams request you reply to an email, respond to a request by phone, or follow a link to a web site.

Email phishing attempts often give clear indications that the request is not legitimate and we will show you some examples on this page.  Links to web sites (sent to you through email) often take you to web pages that look very similar to the legitimate service the email is faking. Banks, E-bay, and online e-cash services like PayPal are common targets; however, phishing attempts are sometimes targeted against specific groups or lists of individuals and are called “spear phishing.”

In addition, sometimes links or email addresses can be masked. They appear to be legitimate, but if you hover over the link or actually click it – it is a different URL or email address.  This trick is becoming more and more common.  Note this URL….

www.yahoo.com

It would seem that if you click on the link it would take you to yahoo.com – however, if you just hover your mouse over the URL above, or click on the link, you will notice that it is really a URL to Google. The name of a URL can be easily masked by changing a hyperlink to any site.  Some scammers do this to their email addresses.

What does a Phishing email look like?

Phishing emails often attempt to use emotional triggers to get you to react quickly without thinking through whether you should respond, such as dire language about time limits, loss of service, penalties, or language targeting a desire for money. They often have grammar, spelling, and syntax errors, and phrasing that a native speaker would not use.

An example would be an email with a generic greeting warning of a change in an account requiring you to verify your account information. These emails typically include directions to reply with private information, or provide a link to a web site to verify your account by providing personal information such as name, address, bank account numbers, Social Security numbers, or other sensitive personal information.

Indicators of a phishing email:

  • Name and email address don’t match
  • Attempt to prove legitimacy using words such as ‘Official’ or ‘Important’
  • Uses a real organization or company name but incorrect email address
  • Poor grammar or misspellings
  • Unsolicited requests for personal information are a clear danger signal
  • Indications that something has been compromised or that they need verification.

Will central office staff (Finance, HR, IT and other departments) send an email asking that you email them personal or sensitive information without having a conversation with them first?

The short answer is NO.  Obviously, CCPS uses email as an important means for communication.  If you suspect a request for any kind of information is not legitimate – please just take an extra minute to verify the authenticity by making a phone call or using another method (other than email) to check.

Why can’t CCPS stop these emails?

The CCPS IT department stops thousands of phishing attempts, spam emails, and virus infected messages every day, but the methods scammers use change very quickly.  Due to the variety of use for CCPS email, we must also be careful not to implement filtering which may block otherwise legitimate email. 

How can I avoid phishing scams?

  • Never send passwords, bank account numbers, or other private information in an email.
  • Avoid clicking links in emails especially any that are requesting private information.
  • Be wary of any unexpected email attachments or links, even from people you know.
  • When in doubt, verify that the email is legitimate. Don’t assume.

What should I do if I think I have been scammed by a phishing?

  • If it is a CCPS account, please contact the IT department at 443-550-8100.
  • Change your password.  Please refer to the following CCPS IT blog article which will give you more information regarding having a strong password. https://ccpstechnews.blog/2017/03/13/my-paw0rd-is-a-good-one-right/.
  • If it is not a CCPS account, still change your password and contact the institution, bank or organization that you believe may be compromised.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s