Phight The Phish
What is a Phishing Exploit?
A Phishing attack is a malicious message that is designed to get YOU to reveal sensitive information. This can come in the form of an email, a text message, a phone call, a social media post, or other communication method. The attack falls under the category of “social engineering”, which is a process where the hacker tricks you into believing they are someone else.
Falling for a phishing attack can be devastating. Your systems can be infected with malicious software, or malware, which can corrupt files or spy on you. The malware can spread to the network, and infect several connected devices. What the malware does varies, but when it infects, malware always causes problems. The attack can also compromise your university credentials, allowing the hacker access into the university network and university data.
What does a Phishing Exploit Look Like?
A phishing attack will typically come in the form of an email or text, appearing to come from a real source. This might look like your personal bank, a friendly club reaching out, or an old friend. The attacker may have made the effort to look up public or compromised information on the web, such as your name, a password or authentication code, or even your illegally obtained social security number and included that in the email to make you think the message is from a legitimate source.
How to Handle a Phishing Attack
If there is a possibility that an email might be a phishing attack, the most important thing to do is not click on any links or open any attachments. Instead, find the supposed source of the email, and check with them directly. This means navigating to the official website of the company or contacting the sender if the sender is a personal contact or friend. Calling the company can help clear up whether or not the email is a phish. If the email does turn out to be a phishing attack, report it, or alert a supervisor to the email.
Click on the Phish Alert Button in the email to report it to the Information Technology Security Team. Alternatively, forward the message to APITSecurity@apsu.edu or call 931-221-4357.
Phishing VS. Spam
Phishing and Spam emails can seem like the same thing. They both take up space in your inbox, and seem to demand your attention. There is a clear difference, however, in what their purpose is. A Phishing Email has malicious intent, and wants you to click on a link or provide information. Spam does not, and is just an unwanted email that is sent in bulk. Evaluate whether or not an email is a phish or spam before reporting it.