What is phishing?
Phishing uses legitimate-looking email or fraudulent websites to encourage you to give up your personal data or information, such as your social security number, credit card numbers, passwords, etc. It is an attempt to acquire sensitive information about you and could lead to identity theft.
It is important to keep in mind that reputable organizations do not normally contact their customers asking for personal information.
Learn 5 easy ways to identify a phishing email:
1. Look at the email address not just the sender
Sometimes an email will look like it is coming from IT, the Help Desk, or even your bank. If you look closely at the email address next to the name of the sender, it often reveals an email address that is not even closely related. All St. Thomas emails end in @stthomas.edu. Legitimate organizations do not ask you to supply your personal information via email. If you are concerned about a suspicious email, contact the Tech Desk.
2. Urgent action required
Phishers and hackers use scare tactics to bait users into clicking links or providing their username and password. If you see an email that tries to get you to take action such as "your account will be deleted if you don't respond" or "click here NOW to upgrade your account," then you can bet it is a phishing email. If the tone of the email seems threatening, contact the Tech Desk directly to verify its authenticity.
3. Typos and improper grammar
Check for misspelled words and grammar mistakes. This is a quick and easy way to spot if it is a scam.
4. St. Thomas NEVER asks for your personal information via email
Impersonal use of language like "Dear user" can also clue you in. While it is true that your email expires after you no longer a student or employed by St. Thomas, you still will never need to take any action. This is an automated process and your account itself lasts forever to allow you access into Murphy Online. You can learn more about this process on our student account and faculty/staff accounts page.
5. What website does it lead to?
If it asks you to click a link, pay attention to where it is trying to take you before you click. You can hover over links before you click on them. Does it lead you to the correct site? Is the website URL misspelled? Does it look like it is going to bring you to a different site completely? Phishers often setup fake websites with similar names, but if you take a moment to hover before you click it will help you identify the scam.
- Don't open attachments from unknown senders - In hopes that you will open a file out of curiosity, hackers often attach malicious files with viruses to their emails. Never open an attachment from an untrusted sender.
- Watch out for too many "FREE" offers - If it seems too good to be true, it probably is.
- Keep your email for St. Thomas purposes only - When it comes to email for personal use, we recommend using an alternative account such as Gmail, Yahoo, Hotmail, etc. This helps promotions and ads out of your email and can decrease your spam.
- When in doubt, always contact the Tech Desk - we can help you determine if this is a malicious email.