Phishing

Phishing (pronounced fishing) is a cybercrime in which targets are contacted by someone posing as a legitimate institution. The goal is to lure individuals into clicking on links that download malware or into providing sensitive data, such as personally identifiable information or passwords.


There are many types of phishing that you should spot so you don’t get schooled by a scam artist.


Smishing and Vishing

SMS + Phishing = Smishing is the practice of using text messages to achieve a phishing scam.

Voice + Phishing = Vishing is the use of telephone calls to conduct a phishing attack.

Both methods use similar tactics to traditional email phishing to hook the target into believing the swindler is legitimate.


Spear Phishing

Spear phishing occurs when scammers use personal details to tailor the emails, text messages, or phone calls they use to bait individuals. Social media is a prime resource for spear phishers, so be careful what you share publicly.


Whaling

Whaling is a highly targeted phishing attack aimed at reeling in senior executives to gain access to resources and/or to pose as leadership to net even more victims.


Angler Fishing

Angler phishing is the practice of masquerading as a customer service account on social media to lure disgruntled customers into handing over personal information.

Below are just a few techniques you can use to check that an email is o-fish-al. Be alert if you encounter any of the following:

  • A warning banner: Google uses advanced security to warn you about dangerous messages, unsafe content, or deceptive websites. Even if you don’t receive a warning, don’t click links, download files, or enter personal info in emails, messages, webpages, or pop-ups, if you believe it could be a phish. 
  • A suspicious sender email address: Although some phishers may mask or create an email address that looks credible, phishing emails often come from addresses that don’t make sense or are slightly off. For example, an email from amaszon.com.
  • A generic salutation rather than your name: For example, an email begins “Dear account holder” instead of addressing you by name.
  • An urgent request to take a specific action: For example, you can double your frequent flyer miles if you click a link in the email and complete a registry form.
  • Implied or explicit threats: For example, an email purporting to be from FIT or Microsoft may say your account will be deleted unless you verify your credentials. Remember, the Division of Information Technology and Google will never send unsolicited messages (meaning you didn’t contact us first for help) asking for your password or personal information.
  • The method used to contact you is suspicious: For example, you receive an email from your mortgage company on your FIT account, even though you provided your personal email address as contact information.
  • URLs or shortened links that don’t go where they say they’ll go: Before clicking a link in an email, hover your mouse over it to see the actual URL and make sure it will take you where it says it will. Only click if you trust the email is not a phish. When in doubt, don’t click!
  • Poor grammar or spelling errors: While bad actors have improved their game, some emails may still contain multiple typos or spelling errors, indicating they are not legitimate.
  • Requests or demands for information the company they’re imitating should already have: For example, you receive an email, text message, or phone call from your bank, alerting you to fraudulent activity on a financial account, and a hold has been put on your account until you verify your account number. Your bank should never need you to verify your account number because they already have it. 

Add to your mental tackle box by viewing these additional resources.

KnowBe4's Top-Clicked Phishing Emails

CISA Advisory: Avoid Social Engineering and Phishing

Plenty of Phish:
Phishing Attempts at FIT