Find the information you need to protect yourself against phishing attempts. Learn to recognize an attempt and find out what steps you should take if you receive a phishing attempt or give your personal information to a phisher
Applies To: Students, faculty, staff, alumni, and parents
Last Updated: November 20, 2020
What is a Phishing Attempt?
A phishing attempt is a fraudulent email, text message or phone call designed to fool you into giving out your Personally Identifiable Information (PII). These messages are sometimes successful because the message appears to come from a trusted source, such as your bank or UB.
Still need help?
Contact the School’s IT Department
Recognizing a Phishing Attempt
Phishers use a variety of means to gain your Personally Identifiable Information (PII). Learn how to recognize a phishing attempt.
Applies To: Students, faculty, staff, alumni, and parents
Last Updated: November 20, 2020
Vehicles for Phishing Attempts
- Email attachments and links
- Pop-up windows or messages
- Phone calls
- Instant messages (IMs)
- Text messages
- Fake system notifications (impersonating Dropbox, UBbox, etc.)
How You Can Tell It’s a Phishing Attempt
You can tell it’s a phishing attempt if:
- Has a deceptive email header. Check message headers carefully to see who the sender really is. Phishers use colors, logos and phrasing from companies and universities to make their communication seem genuine and mimic a legitimate email address.
- Directs you to a website that looks legitimate, but is not. Sometimes the phisher uses a URL that appears similar to a genuine source’s URL in order to trick you. To avoid being fooled:
- Make sure the URL for any form matches the trusted place you intend to go.
- Hover your mouse over a link without clicking it to see the link’s destination.
- Do an Internet search for the actual company URL.
- Asks you to give, update, validate or confirm your account information.
- Requires an immediate response such as, “You must respond within 24 hours”.
- Threatens dire consequences if you do not respond.
- Contains forms or dialogue boxes that prompt you to enter your Personally Identifiable Information (PII).
- Is not a secure page. Before entering any PII, be sure a page is security enabled (starts with https, not http). Never fill in forms you receive in email, or ones you were directed to by an unsolicited message, pop-up or text.
- Contains spelling and grammatical errors.
- Fails to address you by your name and instead addresses you as “Client,” “User” or “Customer”.
- Appears to be from a reliable source. Phishers disguise themselves as reliable, familiar sources like a bank, telephone or computer companies.
- Promises services or rewards that are too good to be true like offers on coupons or promises to remove computer viruses. This is often a way of gaining access to your email address or computer itself.
- Tries to entice you by offering you the latest technology. Phishers will often use products like iPads, phones, laptops, and flat screen televisions to get your email address or phone number.
- Looks like a suspicious update by a friend on a social media network. Scammers target popular social media sites and use messages or updates from friends as a way to lure you to sites requesting your Personally Identifiable Information (PII).
What to Do If You Receive a Phishing Attempt
Identify and react to a phishing attempt in a way that protects yourself and your children.
Online Messages
If you suspect that an email or text message you received is a phishing attempt:
- Do not open it. In some cases, the act of opening the phishing email may cause you to compromise the security of your Personally Identifiable Information (PII).
- Delete it immediately to prevent yourself from accidentally opening the message in the future.
- Do not download any attachments accompanying the message. Attachments may contain malware such as viruses, worms, or spyware.
- Never click links that appear in the message. Links embedded within phishing messages direct you to fraudulent websites.
- Do not reply to the sender. Ignore any requests the sender may solicit and do not call phone numbers provided in the message.
- Report it. Help others avoid phishing attempts:
-
- Check if the attempt has already been reported
- If not, report it to the school’s IT Department. Attach the mail message with its mail headers in your message.
Phone Calls
If you receive a phone call that seems to be a phishing attempt:
- Hang up or end the call. Be aware that area codes can be misleading. If your Caller ID displays a local area code, this does not guarantee that the caller is local.
- Do not respond to the caller’s requests. Genuine institutions and legitimate companies will never call you to request your PII. Never give PII to the incoming caller.
Still need help?
Contact the School’s IT Department
What to Do If You Give Your Personal Information to a Phisher
Act Now
Choose actions based on the information you revealed and how that information can be used.
Your username and/or Password
- Immediately notify the school’s IT Department so they can change your school password
- Immediately change your password. If you use this password on other accounts, change those to new unique passwords now.
- Report the phishing attempt.
- Check if the attempt has already been reported.
- If not reported, Report the phishing attempt
Your Bank or Credit Card Account Number, Password or PIN
- Call the bank’s hotline, usually printed on the back of your bank card, and report the incident.
- If you have transferred money to a phisher, report the incident to your local police.
- Inspect your statements carefully for signs of account misuse.
- Determine if you want to put a lock on your credit records. This will keep anyone from opening a new account.
- Go to your bank’s online website and look for information about fraud, phishing or identity theft. Find out what your bank expects you to do.
Your Social Security Number
- Put a lock on your credit report to block the creation of any new credit card accounts.
- Review the recommendations from the Social Security Administration about identity theft and your Social Security Number.
Still need help?
Contact the School’s IT Department
Scan Your Computer for Personally Identifiable Information
Keeping Personally Identifiable Information (PII) on your computer is a security risk. Learn the different types of PII that may be located on your computer and download software that can help you remove it.
What is Personally Identifiable Information (PII)?
Never give out your Personally Identifiable Information (PII) unless you are certain that the recipient of your PII is legitimate.
PII includes your:
- Username and password
- Answers to security questions
- Account numbers
- Social Security number
- Driver’s license number
- Credit card information
- PINs
- Home address
- Mother’s maiden name
- Date of birth
- Medical records
Removing PII from Your Computer
Keeping PII on your computer is a security risk. You can use the tools on our IT System Safety Tips page to scan and remove PII from your computer.
Still need help?
Contact the School’s IT Department