Understanding Phishing Emails
Everyone who has an email account has, at some point, received an email designed to take advantage of them. Sometimes we don’t hear about the phishing scam itself, which is an attempt to get you to provide personal or financial information, or to click on a link or attachment that allows viruses or malware to infect your computer. What we do hear about is a stolen identity, a hacked bank account, or one of many other adverse outcomes from phishing email scams. Over the last couple of years, attempts to get you to take action on a phishing email have become very sophisticated and can even appear to come from trusted sources, like your bank, your job, or even friends and family.
What is phishing?
Phishing emails are scams that seem to come from a trusted email sender, but trick you into giving up private information or taking risky actions.
Phishing scams are typically fraudulent email messages appearing to come from legitimate enterprises (for example, your university, your internet service provider, your bank). These messages usually direct you to a spoofed website or otherwise get you to divulge private information (for example, passphrase, credit card, or other account updates). The perpetrators then use this private information to commit identity theft.
One type of phishing attempt is an email message stating that you are receiving it due to fraudulent activity on your account, and asking you to “click here” to verify your information.
Phishing scams, while appearing legitimate and sophisticated, are really crude social engineering tools designed to induce panic in the reader. These scams attempt to trick recipients into responding or clicking immediately by claiming they will lose something (for example, an email or bank account). Such a claim is always indicative of a phishing scam, and responsible companies and organizations will never take these types of actions via email.
Can I prevent it?
- Think before you click:
Do you recognize the sender? If not, or if you are unsure, verify that the sender is who you think it is.
How: Double-click or tap the sender’s name at the top of the email to view the real email address. (In Gmail, hover without clicking.)
- Rethink clicking the link if you can’t verify the sender. When in doubt, do not click at all.
How: If the email refers to a known website, type that website address into a new browser window instead and check for information there.
- If you suspect it’s a phish but are not sure, ask for help.
How: Contact DoIT for help.
TAMU offers resources with guidelines to help you protect yourself from these attempts.
- TAMU Resource for Phishing Scams:
- TAMU Resource for protecting your identity:
- TAMU Resource for Safe Computing:
Even with TAMU’s sophisticated security measures, YOU are still the best defense against scam emails.