Phishing is a term used to describe a form of internet identity theft. Banking, credit card, and email accounts are most frequently the targets of phishing attacks.
If you get an email that warns you, with little or no notice, that an account of yours will be shut down unless you confirm your information, do not reply or click on the link in the email. Instead, contact the company or organization directly using a telephone number, email address, or web site address you know to be genuine.
Before clicking on a link in any email, check the sender's identity by hovering over the name displayed in the From field in your email client. If the account name and sender's domain (the part after the @) don't correspond to the sender's claimed identity, the message may be fraudulent.
Continuing with hovering, check the destination of links in an email message by examining the URL displayed when you hover your mouse over them. Two things to look for here are a legitimate-looking domain and the presence of https: at the start of any URL where you will need to authenticate.
If an unsolicited email message contains an attachment, check with your computer support staff, such as the Arts Computing Office (ACO) Help Desk, before opening any attachments. In particular, do not open zip file attachments or files for which the "attachment" icon in your email client does not match their expected file type.
Never transmit your credentials (userid/password, credit card number, banking information) via email. When visiting web sites you know to be legitimate, always make sure that you use the secure website. You should see a lock icon on the bottom status bar of the window and the web address should start with https://
Keep your operating system up-to-date. Microsoft and Apple regularly release security updates.
If you are ever uncertain whether an email message is a phishing attempt, ask someone you trust to provide technical support, such as the Arts Computing Office (ACO) Help Desk.
If you report suspicious emails to staff, it is important to include the full header of the email so that the true sender may be found. To do so, please see Information Systems & Technology's instructions on getting full headers from your email client.