What is Phishing?
Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking, and credit card details, and passwords. – phishing.org
Phishing Prevention Tips
- NEVER share or give away your credentials.
- Install antivirus and malware software on your personal devices.
- Ensure antivirus and anti-malware software is updated.
- Scan your computer for viruses and malware frequently.
- Do not open attachments or click on the link if you do not know and/or trust the sender.
How can I tell if an email is a phishing attempt?
The TSU campus is often a target of phishing scam emails. The emails look like official emails, but Information Technology (IT) is not sending them. It is important for you to recognize these emails.
OIT will never ask you to send your password in an email. If you receive an email that asks you to send your password, you should delete it immediately.
Notice the from email address
Check the From, Reply-To, and Sender addresses. IT will always send official emails using tsu.edu. Here are some sample phishing From and Reply to addresses:
- Internet Service Manager firstname.lastname@example.org
- WEBMAIL HELPDESK email@example.com
Check Subject Lines
Here are some sample phishing email subject lines:
- WEBMAIL ACCOUNT DE-ACTIVATION UPGRADE.
- Verify Your .edu Email Account Now!
The message of a phishing email is trying to trick you into sending your personal information. If you send your ID and password, scammers can use your email account to send spam. Always be skeptical of official-looking emails.
- “Verify your email address”: IT will never ask you to “verify your account” or “upgrade your account.”
- Be skeptical of any emails that ask you to “verify your account.”
Pay attention to email signatures. Generic signatures or non-standard formats are often clues that an email is a phishing email. If it doesn't look right, contact the IT Service Center to confirm if the email is legitimate. Some examples of “generic” signatures include:
- Webmail Team.
- Edu Maintenance Team.
- Educational (.Edu) IT Service Help Desk Administrator.
- Webmail Help Desk.
- Emails to confirm your username and password.
- Unexpected emails with links to a website to enter your username and password.
- Any unexpected solicitation to confirm your credit card information.
- Financial institutions emailing to confirm personal information.
- Emails to confirm your social security number.
- Unexpected email with links.
- Emails claiming to have personal information about you.
- “Join this Application and enter your password” emails.
For more information about phishing and common scams, visit https://www.hoax-slayer.net/.
If you receive an email and it makes you suspicious, you should contact the IT Service Center. They will help you determine if the email is legit or a phishing scam.
Here are the ways you can report a suspicious email:
- Forward the email to firstname.lastname@example.org.
- Call IT Service Center at 713-313-4357.