Know the Signs of Phishing!
What to look out for when reading emails
Don't be a victim!
Never give out personal information such as passwords, Social Security, bank and credit card numbers in an email!
Never give out personal information over the phone unless you initiated the call to a verified phone number.
Do not click on or visit links within an email message unless it is business related, even if it appears to be from someone you know, because email addresses can be spoofed.
Do not open an attachment unless you are expecting it and it is business related, even if it appears to be from someone you know, because email addresses can be spoofed. If you have reason to believe the link or attachment is valid, verify the identity of the sender by initiating the contact using a validated phone number or web site.
Phishing emails may appear legitimate, but they are usually identifiable by certain characteristics. Should you experience a phishing attempt, please report it to Marilyn Meador.
Did the email really come from that person you trust?
Where did the email originate? Although the From field in the following example seems valid, if you look closely, you'll see that the mailto: address is a Gmail account instead. If they don't match, this is definitely a phishing attempt.
Official email from A&M System components will usually not originate from Gmail accounts. Don't be fooled by similar spellings, either (e.g., email@example.com).
Note: Most legitimate emails have real names in the From field, but you still need to look at the email address to confirm its validity.
Is this really the site you wanted?
Where will the links take you when you click on them? When you hover your mouse cursor over a link in an email, check whether the address that is displayed actually matches the link text you see when you are not hovering over it:
In this case, the actual link you will be taken to is a non-secure site – different from what the link appears to be directing you to. This is a good indication that the email you are viewing is a phishing attempt.
Avoid the Bait of a Phishing Scam
Online con games are designed to prey on unsuspecting recipients with attention-getting e-mails that appear to come from legitimate institutions. Examples include:
- Financial institutions such as banks, savings and loans, or mortgage accounts
- A shipping or packaging company that has the words 'Delivery Failure' in the subject line
- A fake e-mail from FBI Director Robert Mueller or another official
- A message from "your" helpdesk or e-mail service asking for account information, passwords or other personal information
The messages may ask you to 'update,' 'validate,' or 'confirm' account or e-mail address information, or will include links that direct you to a site that looks like the actual Web site. The purpose is to trick you into divulging personal information or into downloading malicious code that can record all keystrokes, including passwords, or copy contact list information to scam friends and family or commit other crimes in your name.
- FTC Consumer Information - ID Theft, Privacy, & Security: Privacy & Security
- How to recognize phishing email messages, links, or phone calls
- Department of Homeland Security | Cybersecurity
- Texas A&M University - Social Engineering and Phishing Attacks
Phish or no Phish?
Have you ever wondered if you could tell a real site from a bad site? If so, take this quick quiz to test your skills.