How to recognize a phishing attack and what to do if you click on a link
What is Phishing?
Phishing is a psychological attack used by cyber criminals to trick you into giving up information or taking an action. Phishing originally described email attacks that would steal your online username and password. However, the term has evolved and now refers to almost any message-based attack. These attacks begin with a cyber criminal sending messages pretending to be someone you know. These messages can take a wide range of forms: the sender may pretend to be your friend, your bank, or a store.
These messages will entice you into clicking malicious links, opening an infected attachment, or responding to a scam. Cyber criminals craft these good-looking emails and send them to millions of people around the world. The criminals do not know who will fall victim. They simply know that the more emails they send out, the more people they will have the chance to hack. In addition, cyber criminals are not limited to just email but will use other methods, such as instant messaging or social media posts.
What is Spear Phishing?
The concept is the same as phishing, except that the targeted messages are sent to a few people instead of many. With spear phishing, the cyber attackers learn about their targets by reading the intended victims' LinkedIn or Facebook accounts. They would also read messages the victims posted on public blogs or forums. Based on this research, the attackers then create a highly customized email that appears relevant to the intended targets. This way, the individuals are far more likely to fall victim.
Why Should I Care?
You may not realize it, but you are a phishing target at work and at home. You and your devices are worth a tremendous amount of money to cyber criminals, and they will do anything they can to hack them. YOU are the most effective way to detect and stop phishing. If you identify an email you think is a phishing attack, call your security team right away. If you are concerned you may have fallen victim, do not hesitate to contact them.
Phishing Indicators
Check the email addresses. See if the "FROM" address is someone's personal account. If the email address reads @gmail.com or @hotmail.com, it is most likely an attack. Also, check the "TO" and "CC" fields. Is the email being sent to people you do not know or do not work with?
Be suspicious of emails addressed to "Dear Customer" or that use another generic salutation. If a trusted organization has a need to contact you, they should know your name and information. Also ask yourself, am I expecting an email from this company?
Be suspicious of grammar or spelling mistakes; most businesses proofread their messages carefully before sending them.
Be suspicious of any email that requires "immediate action" or creates a sense of urgency. This is a common technique to rush people into making a mistake. Also, legitimate organizations will not ask you for your personal information.
Be careful with links, and only click on those that you are expecting. Also, hover your mouse over the link. This shows you the true destination of where you would go if you clicked on it. If the true destination is different from what is shown in the email, this is an indication of an attack.
Be suspicious of attachments. Only click on those you are expecting.
Be suspicious of any message that sounds too good to be true. No, you did not just win the lottery.
Just because you got an email from your friend does not mean they sent it. Your friend's computer may have been infected or their account may be compromised. If you get a suspicious email from a trusted friend or colleague, call them on the phone.
Other Indicators:
May contain fuzzy logo symbols, which are not genuine
May not contain email signatures or any contact information
May contain bad grammar and capitalization errors
Generally require you to take quick action, such as verifying your account to prevent it from being deactivated
Be particularly vigilant during holidays or during significant events since attackers heighten their activity during these times.
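Several of the indicators above (a "FROM" address at a personal webmail domain, a generic "Dear Customer" salutation, urgency language, and link text that differs from the true destination you would see on hover) can be checked programmatically over a raw message. The following Python script is an added example and is not code from the original page or from Fredonia ITS; the free-mail domain list, the phrase lists and the two sample messages are constructed assumptions for illustration only.

```python
"""Apply the page's phishing indicators to a raw email message (illustrative)."""
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# The page names gmail.com and hotmail.com; treating them as "personal webmail"
# is the page's indicator. The salutation and urgency phrase lists are assumptions.
FREEMAIL_DOMAINS = {"gmail.com", "hotmail.com"}
GENERIC_SALUTATIONS = ("dear customer", "dear user", "dear account holder")
URGENCY_PHRASES = ("immediate action", "within 24 hours", "will be deactivated", "suspended")


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []        # list of (href, visible text)
        self._href = None      # href of the <a> currently being read
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(value):
    """Lower-cased host of a URL or URL-looking text ('' if none)."""
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()


def check_message(raw):
    """Return the list of indicator labels found in a raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    # 1. FROM address at a personal webmail domain.
    sender = msg["From"].addresses[0] if msg["From"] else None
    if sender and sender.domain.lower() in FREEMAIL_DOMAINS:
        findings.append(f"from-freemail:{sender.domain.lower()}")

    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    lowered = text.lower()

    # 2. Generic salutation instead of your name.
    if any(s in lowered for s in GENERIC_SALUTATIONS):
        findings.append("generic-salutation")

    # 3. Urgency / "immediate action" language.
    if any(p in lowered for p in URGENCY_PHRASES):
        findings.append("urgency")

    # 4. The "hover over the link" check: visible text that looks like a site
    #    but whose href points at a different host.
    if body and body.get_content_type() == "text/html":
        parser = LinkExtractor()
        parser.feed(text)
        for href, shown in parser.links:
            shown_host = _host(shown) if "." in shown and " " not in shown else ""
            if shown_host and shown_host != _host(href):
                findings.append(f"link-mismatch:{shown_host}->{_host(href)}")
    return findings


# Constructed sample: a lure imitating the Fredonia password portal.
SAMPLE = """\
From: Fredonia Help Desk <helpdesk.fredonia@gmail.com>
To: someone@example.edu
Subject: Immediate action required
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear Customer,</p>
<p>Your account will be deactivated unless you verify it now.</p>
<p><a href="http://login-verify.example.net/fredpass">https://fredpass.fredonia.edu</a></p>
</body></html>
"""

# Constructed sample: an ordinary internal notice with an honest link.
CLEAN = """\
From: IT Services <its@example.edu>
To: alex@example.edu
Subject: Monthly newsletter
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Hello Alex,</p>
<p>The newsletter is posted at <a href="https://www.example.edu/news">www.example.edu</a>.</p>
</body></html>
"""

if __name__ == "__main__":
    print("suspicious:", check_message(SAMPLE))
    print("clean:", check_message(CLEAN))
```

The script only flags indicators; it is a teaching aid for what "hover over the link" and "check the FROM address" mean mechanically, not a replacement for reporting the message to your security team, and a message with no findings is not proof it is legitimate.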
What to do if you get a phishing email?
You may need to contact the sender via another channel such as calling them to confirm the message is legitimate.
Never respond to any email with confidential information. Fredonia and other legitimate businesses will never ask for this information via email.
Use your mouse to hover over links in an email. This will show you the actual website you will be directed to if you click on the link. It is always best to type the address yourself into your web browser, rather than clicking a link in an email.
Reporting a phishing email in Outlook on the web (OWA) is a straightforward process that helps protect both you and your organization from scams. The easiest way to do this is by using the built-in "Report" button, which is standard in most modern versions of Outlook.
Here is a step-by-step guide:
Step 1: Select the Suspicious Email
In your inbox, click on the email that you believe is a phishing attempt. Do not click on any links, open any attachments, or reply to the email.
Step 2: Locate the "Report" Button
With the suspicious email open, look at the menu bar at the top of the Outlook window, just above the email content. You will see a button labeled "Report". It may look like a small envelope icon with an arrow or a shield.
If you don't see the "Report" button directly, it may be hidden under the three dots (...) or a dropdown menu labeled "More actions".
Step 3: Choose "Report Phishing"
Click the "Report" button.
From the dropdown menu that appears, select "Report phishing".
Step 4: Confirm and Submit
A pop-up window may appear asking you to confirm your action. Click "Report" to submit the email for review.
What Happens Next?
The reported email will be moved from your inbox to your Junk Email or Deleted Items folder.
The email is automatically sent to Microsoft's security team for analysis.
This action helps to improve Microsoft's spam and phishing filters, which can protect you and other users from similar threats in the future.
What should I do if I clicked on a link, opened an attachment or provided information via a phishing email?
Email the Fredonia ITS Center immediately or call 716-673-3407.
If you entered your password, change it right away by going to https://fredpass.fredonia.edu.
Check your anti-virus software or computer security if you clicked a link but did not enter your password.
Depending on the type of phishing attempt, you may need to check your other online accounts (e.g. financial accounts).
Immediate Actions
Act quickly to contain the threat.
Disconnect from the Internet: Immediately turn off your Wi-Fi or unplug your Ethernet cable. This prevents any malware from communicating with the attacker's server or spreading to other devices on your network.
Do Not Enter Information: If the link took you to a website, do not enter any passwords, credit card numbers, or other personal/sensitive information. Close the browser window immediately.
Stop Downloads: If a file automatically downloaded, do not open it. Delete it immediately.
Secure Your Accounts
If you entered any login credentials or financial information, or if you were logged into a sensitive account when you clicked the link, assume that account is compromised.
Change Passwords:
Change the password for the account the scam was impersonating (e.g., if it was a fake bank login, change your real bank password).
Change the password for your Fredonia email account by going to https://fredpass.fredonia.edu, as scammers often target email to gain access to other accounts.
Change passwords for any other accounts that use the same or a similar password as the compromised one.
Crucially: Do this on a different, secure device (like a smartphone not connected to the suspicious network) if possible, or wait until your primary device is fully scanned and cleaned.
Enable Multi-Factor Authentication (MFA): Turn on 2FA/MFA for all critical accounts (email, banking, social media, etc.). This makes it much harder for a scammer to log in, even if they have your password.
Check for Suspicious Activity: Review your accounts (bank, email, social media) for any unauthorized logins, transactions, or changes.
Scan and Protect Your Device
Run a Full Malware Scan: Reconnect to the internet only long enough to update your anti-virus/anti-malware software, then disconnect again and run a full system scan. Remove any threats that are found.
Backup Important Files: Back up your essential files (photos, documents) to an external drive or cloud service. This ensures you can restore them if a clean-up requires wiping your system.
Report and Monitor
Contact Financial Institutions (If Applicable): If you entered financial information (credit card, bank account, etc.), call your bank or credit card company immediately using the official phone number on the back of your card or their official website. They can cancel cards and monitor for fraudulent activity.
Place a Fraud Alert: If you shared very sensitive personal information (like your Social Security Number), consider contacting one of the three major credit bureaus (Experian, Equifax, or TransUnion) to place a fraud alert on your credit file.
Report the Scam: Report the phishing attempt to help protect others.
Forward the email (if applicable) to the organization the scammer was impersonating.
In the United States, you can report it to the Federal Trade Commission (FTC) at ReportFraud.ftc.gov and the FBI's Internet Crime Complaint Center (IC3) at ic3.gov.
For other countries, search for your national consumer protection or cyber security agency.
How do you protect yourself?
Beware of messages that claim your account has been suspended
Be suspicious of any email containing urgent requests for personal financial information
Never click on a link in an email. Instead, always type the legitimate Web address of the site you want to reach directly into your Web browser.
Be suspicious of email messages and other electronic communications from sources you do not know or recognize
Use the latest versions of your operating system (OS) and applications
Have the latest security software updates (patches) installed. This includes patches for your OS and applications
Keep your anti-virus software up to date
Report any suspicious emails