Don’t fall for a phishing attack!
Phishing is a form of social engineering. Phishing attacks use email, malicious websites, social network sites, or phone calls, to solicit personal information by posing as a trustworthy organization, friend, co-worker, etc. For example, the latest phishing attempt on our campus has an attacker posing as an IWU alumni that is seeking to employ an IWU student, but this person is actually trying to obtain your personal information.
How do you avoid being a victim?
- Be suspicious of unsolicited phone calls, visits, or email messages, from individuals asking for personal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company or trusted resources.
- Look closely at return email addresses and hover over website links to verify who you are actually responding to, or where a website link is actually taking you. Does the senders name match the email address? If not, be skeptical!
- Typos and grammatical errors indicate the message may be a phishing attempt.
- Never give out personal information over the phone if you did not initiate the call.
- Do not provide personal information or information about yourself or your organization unless you are certain of a person’s authority to have the information.
- Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
- If you are unsure whether a request for your personal information is legitimate, try to verify it by contacting the company directly or by asking for contact information of the person asking so you can call and verify they are who they say they are.
- Never provide your email password to anyone!
What do you do if you think you are a victim?
- Immediately change any passwords you might have revealed. If you used the same password for multiple resources, make sure to change it for each account, and do not use that password in the future.
- Report any email messages you feel may be phishing schemes to Information Technology Services.
- If you believe you might have revealed sensitive information, please contact Information Technology Services or Campus Safety.