Avoid phishing schemesPhishing is a criminal's attempt to swindle Internet users into revealing their personal information online. Phishers will try to get you to reveal your credit card and bank account numbers, usernames and passwords, or even your Social Security number.
Phishing often takes the form of an email asking you to verify or provide information. It may ask you to reply with the requested information, or it may link to a fake site that resembles a reputable one (e.g., Gmail, Yahoo, Facebook). Providing personal information in a reply email or through a fake Web site could put your accounts at risk for fraudulent activity or could make you a victim of identity theft.
If you encounter a phishing attempt or any other computer security threat (e.g., breaches, thefts, spam), you are highly encouraged to report the computer security incident immediately.
Spear phishing attacks are email scams tailored for a group of people with something in common. In UD's case, criminals send emails with UD-specific terminology, logos, names, and information to trick users into believing they are legitimate emails. Scammers do such a good job making emails look “individualized” or tailored to you that your spam filter may miss it-- leading you to click a malicious link or to surrender confidential information.
Be vigilant. If you receive email that looks suspicious or seems too good to be true, don’t click any links contained in the message.
Report spear phishing attempts to the IT Support Center using the Report a Phishing Scam page.
Follow the guidelines below to avoid phishing schemes.
- Reduce spam.
- Do not open emails from people or organizations you don't know. Instead, delete them immediately.
- Hackers may have stolen your friend's address book/contacts, so don't trust everything you supposedly get from friends.
- Never provide personal information, bank account or credit card numbers, or usernames and passwords in an email.
- Do not click links in emails (even an unsubscribe link). Instead, do a search or type the published URL of the site you're trying to reach in a new browser window or tab. You can hover your mouse over the link to see where it will actually go.
- Do not respond to phishing email asking to be removed from a mailing list. This will guarantee that you will receive more spam and phishing emails.
- Verify requests from your credit card or bank by calling the number on your statement or credit card, rather than responding to requests through email directly.
- Forward phishing emails to email@example.com and/or firstname.lastname@example.org and the company or organization being impersonated in the phishing message.
- Remove and avoid malware.
- Keep your browser up to date. Most browsers will warn you before visiting a fake site, but you must update your browser regularly for this feature to be effective.
- Be wary of shortened URLs, which most commonly start with http://bit.ly, http://goog.le, or http://tinyurl.com. These URLs hide the original link, so it's hard to determine if they go to real or fake sites. With reputable senders like the UD Communications and Public Affairs office, shortened URLs are likely not problematic. For other senders that are not (or may not be) reputable, it probably is safer to open a new window or tab, go to the URL of the site you're trying to access, and search for the information.
Deter. Detect. Defend. Avoid ID Theft (FTC)
If you've been scammed, visit the FTC's page on identity theft. It provides steps to take to recover from identity theft and resources to learn more information.
Avoid Phishing Scams (Video)
Shows how to identify phishing emails and fake links.
Phishing (OnGuard Online)
Provides comprehensive ways to identify and avoid phishing schemes. Also provides information to report phishing messages.
How to recognize phishing emails or links (Microsoft)
Tips to identify fake emails and avoid links that may send you to fake Web sites.
Identity Theft (Delaware Department of Justice - Attorney General's Office)
Follow these steps to avoid becoming a victim of identity theft, which could result from falling victim to a phishing scheme.