Phishing

What is Phishing? (pronounced Fishing)
Phishing is a form of fraud where an email sender pretends to be a legitimate company in order to trick the email recipient into sharing important personal information like passwords and account numbers.

Tips to Identify Phishing

  • Do you recognize the sender?
  • Email asks you to click on a link or icon that looks suspicious
  • Urgent or too good to be true claims
  • Asks you to provide your password or other personal information
  • “To:” field is blank or not your email address
  • Does the email make sense? For example, are you getting a message from a retailer you haven’t shopped at in years?
  • Be wary of shortened links, including tiny.cc, bit.ly, ow.ly, goo.gl, and t.co. URL shorteners can be helpful in some cases, such as Twitter, where character limits apply, but we strongly recommend refraining from clicking on links obscured by a URL shortener in an email.
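
For help desk staff triaging reported messages, several of the tips above can be checked mechanically. The following is an added example, not part of the original page or any FIT tooling; the keyword patterns, function name, and sample messages are constructed assumptions, and a flag is a prompt for human review rather than a verdict.

```python
import re
from email import message_from_string
from email.utils import getaddresses
from urllib.parse import urlparse

# Shortener domains named in the tip list above.
SHORTENERS = {"tiny.cc", "bit.ly", "ow.ly", "goo.gl", "t.co"}
# Assumed keyword patterns for the "urgent" and "asks for your password" tips.
URGENT = re.compile(r"\b(urgent|immediately|action required)\b", re.I)
CREDS = re.compile(r"\b(password|account number)\b", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def triage(raw, my_address):
    """Return the tip-list indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    flags = []
    to_addrs = [a.lower() for _, a in getaddresses(msg.get_all("To", [])) if a]
    if not to_addrs:
        flags.append("to-blank")
    elif my_address.lower() not in to_addrs:
        flags.append("to-not-me")
    # Use the first text/plain part, or the message itself if not multipart.
    part = next((p for p in msg.walk()
                 if p.get_content_type() == "text/plain"), msg)
    payload = part.get_payload(decode=True) or b""
    body = payload.decode(part.get_content_charset() or "utf-8", "replace")
    if URGENT.search(msg.get("Subject", "") + "\n" + body):
        flags.append("urgent-language")
    if CREDS.search(body):
        flags.append("asks-for-credentials")
    # Compare each link's host against the shortener list (exact match only).
    hosts = {(urlparse(u).hostname or "").lower() for u in URL.findall(body)}
    if hosts & SHORTENERS:
        flags.append("shortened-link")
    return flags

# Constructed sample messages (not real mail).
SAMPLE_PHISH = (
    "From: IT Support <helpdesk@example.net>\n"
    "To: someone.else@example.org\n"
    "Subject: Change of Password Required Immediately\n\n"
    "Confirm your password here: http://bit.ly/constructed-example\n"
)
SAMPLE_OK = (
    "From: Library <library@example.edu>\n"
    "To: student@example.edu\n"
    "Subject: Library hours\n\n"
    "We close at 9pm this week. See https://www.example.edu/library\n"
)

if __name__ == "__main__":
    print(triage(SAMPLE_PHISH, "student@example.edu"))
    print(triage(SAMPLE_OK, "student@example.edu"))
```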

Note: The Division of Information Technology and Google will never send unsolicited (meaning you didn’t contact us first for help) messages asking for your password or personal information.


How to Protect Yourself Against Phishing?
Keep your virus protection software up-to-date
DO NOT click on any links in the message
DO NOT reply to the message
DO report the Phishing message

Why Report Phishing?
Reporting a message as phishing will prevent that user from sending you more emails. Also, the Google abuse team will use the report to help thwart the attack and others like it.

How to Report Phishing?

1. Click the drop-down arrow next to “Reply”
2. Select “Report Phishing”
3. Click “Report Phishing Message” in the message window
4. The email will be moved to Spam. After you report the message, you can delete it from Spam.


What if I accidentally respond to a Phishing message?
Please send TechHelp@fitnyc.edu the full email that you replied to, including headers, and change your password.

Top 10 Global Most-Clicked Global Phishing Email Subject Lines

The Top 10 Global Most-Clicked Global Phishing Email Subject Lines for Q2 2017 according to KnowBe4 include:

Chart of Top 10 Phishing Emails by Subject

  1. Security Alert – 21%
  2. Revised Vacation & Sick Time Policy – 14%
  3. UPS Label Delivery 1ZBE312TNY00015011 – 10%
  4. BREAKING: United Airlines Passenger Dies from Brain Hemorrhage – VIDEO – 10%
  5. A Delivery Attempt was made – 10%
  6. All Employees: Update your Healthcare Info – 9%
  7. Change of Password Required Immediately – 8%
  8. Password Check Required Immediately – 7%
  9. Unusual sign-in activity – 6%
  10. Urgent Action Required – 6%