
Online Safety, Security, and Privacy

This guide looks at the concept of general online safety and security.

What Is Phishing?

Phishing is an attempt to steal your data, usually by tricking you into believing that a message (email, instant message, text, website, etc.) comes from a legitimate source (even one you explicitly trust, such as a boss or a friend) and then getting you to send data back or to open a link or file that will collect your data.

What kind of data? All sorts:

  • Personal data that can be used to access your accounts (birthdays, answers to security questions)
  • Credit card information
  • Social Security numbers
  • PINs
  • Information about your account, including username and password
  • Other information that can be used to target you

Phishing can be targeted or sent out more generally. Unlike forms of hacking that exploit security weaknesses (such as weak passwords or network insecurities), this is a "social engineering" attack: people engage with you and try to get you to share information using a variety of tricks (identity theft; pleas for help; claims of security or other technical issues on your account; commands or instructions from a seeming authority; pretense of friendship; offers of employment; threats of damage if you do not respond; etc.). Highly targeted phishing attempts can be hard to spot and might refer to you by name, include personal information, or take advantage of your online behaviors. Because of this, the damage caused by being successfully phished can be hard to quantify. 

Advice on Avoiding Phishing

This advice largely comes from The University of Alabama in Huntsville's Office of Information Technology's page (and emails) about avoiding phishing and is used with permission. It has been summarized slightly, expanded in a couple of places, and reworded. See their page for more information and greater detail, including examples.

Clues that you are being phished:

  • Unofficial or unusual looking "From" address. Look out for a sender's email address that is similar to, but not the same as, a company's official email address. Examples might include something like person.uah.edu@[other domain] or something like person@uah.[non-edu domain] or simply a wholly different email address claiming to be someone you know/trust.
  • Urgent action required. Phishers often include urgent "calls to action" to try to get you to react immediately. Be wary of emails containing phrases like "your account will be closed," "your account has been compromised," or "urgent action required." The phisher is taking advantage of your concern to trick you into providing confidential information. If you get an email saying there is an error with one of your accounts, try going directly to the account itself and check it out there instead of going through the provided link or hitting reply. 
  • Requests for personal information (especially personal information beyond the basic norm) such as your password, Social Security number, or bank account or credit card number. Legitimate companies will never ask you to verify or provide confidential information in an unsolicited email.
  • Generic greeting. Phishers often send thousands of phishing emails at one time. They may have your email address, but they seldom have your name. Be skeptical of an email sent with a generic greeting such as "Dear Customer" or "Dear Member".
  • Link to a fake website. To trick you into disclosing your username and password, phishers often include a link to a fake website that looks (sometimes exactly) like the sign-in page of a legitimate website. Just because a site includes a company's logo or looks like the real page doesn't mean it is. Logos and the appearance of legitimate web sites are easy to copy. In the email, right click on the link and click "Copy Link Address" and paste it into a document (use something like Notepad or another text editor) to see if it matches what it claims to be. If you have already clicked, double check the URL in the address bar.
  • Honestly, any attempt to drive you to a link (or to open an attachment) when the information could have been in the email. Examples might include offering you a job but asking you to click the link (and make an account, etc) to see the job offer, or saying there's an important update but you need to unzip the file attached to read it.
  • Changes in known writing style or behavior from trusted sources. Do you know the person/organization sending the email, but the email seems different from their normal messages: missing a signature, a changed greeting, changes in spelling or the way things are laid out, sending you a .DOCX file (or .ZIP file, or even .EXE file) when they always use Google Docs? Are they using software to contact you that they normally do not use? Things like that. 
  • Offering You Something You Have Not Requested (or vice versa). Are they saying they have a job offer for you without you applying for a job or posting your resume? Are they saying that you have a transaction to complete you never started? Are they asking you for help though you have not offered it?
  • Spelling errors, poor grammar, or inferior graphics. Fun fact: some are written like this on purpose to see if you are paying attention and to weed out attentive folks.
  • Attachments (which might contain viruses or keystroke loggers, which record what you type). And yes, attachments are a regular part of all emails, etc, but pay attention to other signs before clicking on them and opening them.
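The "From" address and "link to a fake website" clues above can be checked mechanically. The following Python is an added example written for this guide; it is not code from UAH or the OIT phishing page. It assumes uah.edu is the only trusted domain and uses constructed sample addresses and links (the domains mail-example.net and bad-example.net are made up). It flags a trusted domain name smuggled into the part before the @, a domain with the same name but a different ending, and links whose visible text names a trusted site while the real target goes elsewhere.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption for this example: the reader's institution domain, as on this page.
TRUSTED_DOMAINS = {"uah.edu"}


def sender_clues(from_header, trusted=TRUSTED_DOMAINS):
    """Return a list of clues about a From: header; empty if the sender is trusted."""
    clues = []
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["unparseable From address"]
    local, _, domain = addr.rpartition("@")
    domain = domain.lower()
    if domain in trusted:
        return clues
    for t in trusted:
        # "person.uah.edu@[other domain]": the trusted name sits before the @
        if t in local.lower():
            clues.append(f"trusted domain {t!r} appears before the @ but mail comes from {domain!r}")
        # "person@uah.[non-edu domain]": same name, different ending
        if domain.split(".")[0] == t.split(".")[0]:
            clues.append(f"domain {domain!r} mimics {t!r} with a different ending")
        # Display name claims a trusted domain the address does not have
        if t in name.lower():
            clues.append(f"display name mentions {t!r} but address is {addr!r}")
    if not clues:
        clues.append(f"sender domain {domain!r} is not a trusted domain")
    return clues


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from the HTML body of a message."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def link_clues(html_body, trusted=TRUSTED_DOMAINS):
    """Flag anchors whose visible text names a trusted site but whose target host differs."""
    parser = _LinkCollector()
    parser.feed(html_body)
    clues = []
    for href, text in parser.links:
        host = (urlparse(href).hostname or "").lower()
        shown = text.lower()
        for t in trusted:
            if t in shown and host != t and not host.endswith("." + t):
                clues.append(f"link text {text!r} but target host {host!r}")
    return clues


if __name__ == "__main__":
    # Constructed samples, not real messages
    for header in [
        "UAH IT Helpdesk <person.uah.edu@mail-example.net>",
        "<person@uah.example>",
        "Jane <jane@uah.edu>",
    ]:
        print(header, "->", sender_clues(header) or "looks ok")
    body = '<p>Sign in: <a href="http://login.bad-example.net/x">https://my.uah.edu/login</a></p>'
    print(link_clues(body))
```

Running the block prints the clues for each constructed header and for the mismatched link; a real trusted address produces no clues. This is a heuristic, not a spam filter: as the page notes, legitimate mail sent through third-party apps can trip the same checks, so treat a hit as a reason to look closer rather than proof of phishing.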

All of these things could occur in perfectly legit emails (UAH uses third party apps so sometimes the from address is different, sometimes people are just in a hurry to send an email and type it on their phone instead of on their computer, a friend/coworker might have told someone else you were interested in a job) but using these signs can protect you quite often. 

(from the OIT phishing page) Most importantly, never reply to suspicious emails, tweets, or posts with your personal or financial information. Also, don't fill out forms or sign-in screens that link from these messages. In fact, it is safest to not click any links from suspected phishing attempts.

What If You Have Been Phished (or Think You Have)?

What should you do if you have been phished or suspect you have? Again, see the OIT Phishing page for more information and helpful links (it was the source of some of the information below, including the graphic):

  1. Change your password immediately (or answers to your security questions, if the information shared might be used to crack those). Also change any passwords on other accounts that match the compromised password. Whatever account was potentially compromised, check to see if any settings were changed (filters, newly authorized apps, etc) after you have changed your password.
  2. Report the email [see below].
  3. If you are on the UAH campus and this is your UAH email, you can also forward a copy to helpdesk@uah.edu.
  4. If you shared bank account, credit card, or other such information: contact those institutions immediately. 
  5. If you opened a file and suspect you have contracted a computer virus or other malware, run antivirus scans immediately (UAH folks can contact OIT).
  6. If this came from a supposedly trusted source, contact them through some other means (assume their email/etc was compromised even if it was a spoof).

If you shared other information, such as your Social Security number or other personal information, it might be hard to rectify immediately. You will need to check your accounts regularly. There are services that can track things like new accounts opened in your name; you might want to try signing up for one of them. 

Reporting the phishing attempt 

(taken from the OIT page) Most email providers, including Gmail, allow you to report suspicious emails and phishing scams. To report phishing in your UAH Gmail account, from the Gmail web interface, select the arrow in the upper-right corner of the message and click "Report Phishing."

[Graphic from the OIT phishing page; image not available in this copy]
