Minnesota State University, Mankato

Phishing

Page address: https://www.mnsu.edu/its/security/cyberaware/phishing.html

Phishing is malicious communication, usually in the form of email. Simply visiting a link or downloading an attachment can compromise your computer and/or account. Follow the steps on this page to reduce your risk. For more information and instructions on how to report it, see Report Spam & Phishing.

What is phishing?

Phishing is the term given to communications, usually email, where the attacker tries to fool the target into revealing private information about themselves or their organization. Often claiming to be IT Solutions, the attacker will usually include hyperlinks that appear to be legitimate but lead to malicious websites, or include malicious attachments. Simply visiting the URL or downloading the attachment can be enough to compromise your machine.

How does phishing affect me?

If your account is compromised, attackers will often start sending out more phishing emails from your account. This could damage your reputation and decrease the trust others place in your future emails.

Additionally, attackers may be able to compromise any other accounts associated with that email address. This could include bank accounts, social networking accounts, file backup, remote connection to your computer, and so on.
 

How can I tell if it’s phishing?

Attackers will often use a sense of urgency in their messages. For example:

  • “Your account will be disabled unless you act now!!!”
  • “Please update your account information or your account will be terminated.”
  • “Your mailbox storage has exceeded the quota.”
  • Often, they will include a link or attachment. These will usually, although not always, require some action on your part, such as clicking or downloading, to be successful.
  • Spelling and grammatical errors are very common among phishing communications. Many of the attacks originate from overseas or from people who don’t speak English as their first language. Although this is not always the case, treat emails with excessive grammatical errors with extra scrutiny.

How can I protect myself from this?

DON’T CLICK ON LINKS!

When you receive an email about your account, instead of clicking on the link, open your browser and manually type in the site address. From there, click to your account management and make the changes that need to be made.

Because you are going to the site yourself, you can be more confident that you are in the right place. A bank or other financial institution should never send you emails with links in them.

Seriously, Don’t Click On Links.

A link in an email may appear to be leading you to a legitimate site, for example: http://www.mnsu.edu.
It may in fact be leading you to a compromised or malicious site like: http://compromised.website.cn/mnsu/edu.

Attackers will make a hyperlink whose text appears legitimate when you read it but which instead opens a different address. It is important to be aware of what website you are on in your browser.

Take A Minute To Verify.

If you receive an email about your bank account being compromised, take the time to call your bank. If in fact your account is compromised, you will be able to get additional assistance over the phone.
It is important to use the phone number found on your bank card and not a phone number included in the email.

Trust Your Spam Filters.

Digging through your spam folder and clicking on links is like dumpster diving for dinner. It isn’t likely you’ll find anything good.

Trust your spam filters. Modern spam filters are able to block messages based on trends. For example, if 10,000 Gmail accounts received the same email from the same address with the same link to reset your password, then Google’s spam filters are more likely to send that email directly to the spam folder.

If you feel that an email is legitimate, verify its legitimacy through means other than clicking on the link.