Tips to Prevent Phishing Attacks
What is Phishing?
A phishing attack is a fake email designed by malicious hackers to look like it is coming from a trusted brand or institution (like Lamar University, the LU Service Desk, banks or credit card companies).
Why do Hackers Phish?
The goal is to get you to click on the links and/or open an attachment.
Once you give up your user names and passwords or any personal information, it can be used to breach your employer's systems, steal your money, or steal your identity.
5 ways to identify a phishing attack
Who is the real sender?
Does the supposed sender match the address inside the “<>s”? For Example:
From: LamarServiceDesk<jdoe987@example.com>
While the name, LamarServiceDesk, in this email address may appear legitimate, the email address, jdoe987@example.com, is not from the Lamar University Service Desk. This email may have been compromised or spoofed.
Most phishing attacks originate from an individual email account that has nothing to do with the organization represented, or it looks very close to the real address… but not close enough (amaz0n.com vs. amazon.com)
Check the addressee.
If the email comes from a brand or institution you do work with, your name generally appears in the first line of the email. If it says "Dear Customer", or something equally impersonal, that is a warning sign.
Use your "mouse hover".
An effective tool to identify and avoid phishing attacks is the mouse hover. Use your mouse to position the cursor over the link without clicking.
Caution: Do not click on the link, just hover over it, and you will see the destination address or URL appear in a pop-up bubble or in the bottom left corner of your screen.
If the destination address does not lead to a site you would expect, it is likely a phishing attack.
What's in the footer?
The footer of any legitimate email should contain, at a minimum:
- A physical address for the institution or brand and
- An unsubscribe option.
If it lacks either of these items, it is probably fake.
