Phishing attacks use e-mail or malicious websites to solicit personal information like login credentials or financial data. Attackers may send e-mail seemingly from a reputable institution that requests account information, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts.
Here are a few keys to avoid becoming a victim of a phishing attack:
- Never reply to an email that asks for personal or financial information. Do not visit any links or call any phone numbers that are included in the message.
- Don't provide personal or financial information via email. Requests for this type of information via email are not legitimate.
- Be a skeptic. Forward any message that you believe to be a phishing attemplt to email@example.com
- IT will never ask for your username/password in an email
This one requests that the user clicks a link to "re-validate" your account:
"This is to notify you that you are over your mailbox limit which is 250MB as set by your mailbox manager, you are currently at 257MB, you will not be able to create new e-mail to send or receive messages until you validate your mailbox. To re-validate your account,click here:"
This sample requests that users respond with account credentials, including DOB:
This message is from ewu.edu messaging center to all
ewu.edu email account owners. We are removing
access to all our Webmail clients. Your email account will
be upgraded to a new enhanced webmail user interface
provided by ewu.edu
Effective from the moment this email been received and
response received from you. Ewu.edu will
discontinue the use of our ewu.edu Webmail and our
ewu.edu webmail Lite interfaces. To ensure your
e-mail address book is saved in our database kindly enter
your details filled below: