
Phishing

Phishing explained

Phishing scams are typically fraudulent email messages appearing to come from legitimate enterprises (e.g., your school, your Internet service provider, your bank). These messages usually direct you to a spoofed website or otherwise get you to divulge private information (e.g., passphrase, credit card, or other account updates). The perpetrators then use this private information to commit identity theft.

One type of phishing attempt is an email message stating that you are receiving it due to fraudulent activity on your account, and asking you to "click here" to verify your information. See an example below.

Phishing scams are crude social engineering tools designed to induce panic in the reader. These scams attempt to trick recipients into responding or clicking immediately, by claiming they will lose something (e.g., email, bank account). Such a claim is always indicative of a phishing scam, as responsible companies and organizations will never take these types of actions via email.


Avoiding phishing scams

To guard against phishing scams, consider the following:

HACC and other reputable organizations will never use email to request that you reply with your password, full Social Security number, or confidential personal information. Be suspicious of any email message that asks you to enter or verify personal information, through a website or by replying to the message itself. Never reply to or click the links in such a message. If you think the message may be legitimate, go directly to the company's website (i.e., type the real URL into your browser) or contact the company to see if you really do need to take the action described in the email message.

HACC's Office of Information Systems and Technology (OIST) will NOT send you emails that:
  • Ask for your password, claim it is expiring, or direct you to reset it via a link.
  • Mention anything relating to your mailbox quota or storage limit.
  • Direct you to verify or validate your mail account by clicking a link.
  • Claim you need to update settings on your email account because of a system upgrade (to Web Mail, Outlook, OWA, Office 365, etc.).



Examples of phishing scams
The following phishing scams were targeted at the HACC community:

SUBJECT: DROPBOX: Important File!

From: S531585@nwmissouri.edu
Subject: DROPBOX: Important File
Sent: Monday, April 23, 2018 6:47 PM
Subject: DROPBOX: Important File!

Hello,
You have a new file sent via Dropbox.

Note: Login with your hacc.edu ID!

Access Your Files Here

Regards,
Dropbox Services.



Subject: IT Support

Dear User

Due to recent upgrades on our servers Your 5 (Five) incoming Emails are on hold. Please validate below to retrieve your email

click RESET to retrieve your email. 
 
We are sorry for the inconvenient.
With best regards

IT Support


Subject: TECHNICAL UPDATE

From: Kercheville, Scott E [mailto:kercheville@uthscsa.edu]
Sent: Thursday, September 28, 2017 11:10 AM
To: Kercheville, Scott E <kercheville@uthscsa.edu>
Subject: TECHNICAL UPDATE

We will be performing several software updates on our servers today at 9pm EST (2:00 GMT). The maintenance is required in order to keep our servers secure and up-to-date.
 All users are required to click HERE in order to automatically update his/her account.
 
Notice: To ensure you receive our future emails such as maintenance and update notification, kindly make sure your account is updated as an active user.
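
The checks below are an added example, not part of the original page or any HACC tool: they turn the four kinds of message OIST says it will not send into body patterns and run them over text condensed from the three samples above. The regex wording, the rule names, the `registrar@hacc.edu` address and the two header heuristics (an external sender asking for a hacc.edu login, and From equal to To) are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "hacc.edu"  # the organization this page belongs to

# One pattern per kind of message the page says OIST will NOT send.
# The regex wording is an assumption made for this example.
BODY_RULES = {
    "asks_for_password": r"\b(password|passphrase)\b",
    "mailbox_quota": r"\b(quota|storage limit)\b",
    "verify_account": r"\b(verify|validate)\b",
    "system_upgrade": r"\b(upgrade|update)s?\b.*\b(server|account|settings)",
}

def indicators(raw):
    """Return the sorted names of every phishing indicator found in one message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    domain = sender.rpartition("@")[2]
    hits = {name for name, pat in BODY_RULES.items()
            if re.search(pat, body, re.I | re.S)}
    # Extra heuristics drawn from the samples, not from the OIST list (assumptions).
    external = bool(domain) and domain != ORG_DOMAIN and not domain.endswith("." + ORG_DOMAIN)
    if external and ORG_DOMAIN in body.lower():
        hits.add("external_sender_wants_org_login")
    if sender and sender == rcpt:  # recipients hidden in BCC
        hits.add("self_addressed_bulk_mail")
    return sorted(hits)

# Constructed inputs: headers and text condensed from the three samples above.
DROPBOX = ("From: S531585@nwmissouri.edu\nSubject: DROPBOX: Important File!\n\n"
           "You have a new file sent via Dropbox.\nNote: Login with your hacc.edu ID!\n")
IT_SUPPORT = ("Subject: IT Support\n\nDue to recent upgrades on our servers Your 5 (Five) "
              "incoming Emails are on hold.\nPlease validate below to retrieve your email\n")
TECH_UPDATE = ("From: kercheville@uthscsa.edu\nTo: kercheville@uthscsa.edu\n"
               "Subject: TECHNICAL UPDATE\n\nWe will be performing several software updates on "
               "our servers today.\nAll users are required to click HERE.\n")
# Constructed benign message for contrast (the address is made up).
BENIGN = "From: registrar@hacc.edu\nSubject: Fall schedule\n\nThe fall schedule is now posted.\n"

if __name__ == "__main__":
    for name, raw in [("dropbox", DROPBOX), ("it_support", IT_SUPPORT),
                      ("tech_update", TECH_UPDATE), ("benign", BENIGN)]:
        print(name, indicators(raw))
```

Keyword rules like these also match legitimate maintenance notices, so treat a hit as a reason to look closer, not as a verdict.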


