You've been hooked! What now?

Take a few minutes and read through this tutorial to learn more about phishing and how to spot malicious emails in the future.

  • Phishing scams account for 90% of data breaches as of 2019.
  • Around 30% of the people targeted open the malicious email and 15% of those will be targeted again in the same year.
  • Phishing email scams have grown by 65% since 2018.

  • These numbers are scary, but we're here to help. This guide will help you learn how to spot the bogus emails so that you'll be ready for future attacks!


What is Phishing?

Phishing is a fraudulent attempt to get sensitive data or information from people like their usernames, passwords, financial information or credit card details by disguising as someone trustworthy.

How to stay safe

It's okay to be suspicous!

Tip #1 - Use your Cautious Lens.

In this digital age information is exchanged so rapidly it's difficult to keep up. You see so many emails every day that it's easy to become numb to the influx of information. We enter a state of mind. Click here, get it done, move on. Unfortunately, the bad guys know this and capitalize on our behavior. To combat their efforts, take an extra second to look at each email through your Cautious Lens. If you're unsure if the email is legitimate, ask someone. It's better to be safe than sorry and it's okay to be a little suspicious! Benjamin Franklin once said, "Distrust and caution are the parents of security." With that in mind use your Cautious Lens and the remaining tips below to help keep yourself, and your colleagues, safe.

The Devil is in the Details!

Tip #2 – Who what where when why?

Now that you know to use your Cautious Lens, go one step further and break the email down.
Who did the email come from? Check the From Address and see if you recognize the account.
What is the email asking? If the request is vague or unclear, chances are the intention of the email is something else entirely.
Where do you see spelling or grammar errors? Sure, we all make mistakes, but most phishing emails would fail a middle school English exam.
When do you need to respond or take action? Quite often, phishing emails will ask that you move quickly or take action immediately.
Why are you receiving this email? Why do you have to download this attachment? Why do you need to sign in to fill out a form?

Hover before you click!

Tip #3 - Use the hover technique!

You're going to love this one. The Hover Technique can, and should, be applied to your day to day email barrage as well as your web browsing and overall digital experience. It's simple, and enlightining. Here's how it works. Move you cursor over a link and leave it there. Don't click! A small box will appear near the cursor and/or in the bottom left of the window. In the box you'll see the hyperlink that is embedded in the link you're hovering over. Try it now. Where does this link actually take you?

Depending on the application you’re using, you may only see one box with the information displayed. Be sure to use the Hover Technique for every link in your emails!

Last but not least... Don't panic!

Tip #4 - We all make mistakes.

It’s extremely important to us that you know we’re here for you. If you do click on a malicious link, download a bad attachment, or provide credentials to a phony website, the first thing you should do is let a member of the Department of Technology know. We will provide you with directions and steps to ensure you and your colleagues remain safe.

Check out the resources below for more information on how to contact the Service Desk, sign up for the Self Password Reset Tool, or learn more about Phishing. Thank you for all your hard work and stay safe out there!