Email is an essential part or our everyday communications. It is also one of the most common methods that hackers use to attempt to gain access to sensitive information. More than 90% of data breaches start with a phishing attack. Phishing uses fraudulent email messages designed to impersonate a legitimate person or organization and trick the recipient into downloading harmful attachments or divulging sensitive information, such as passwords, bank account numbers, and social security numbers.
Phishing scams can have a number of different goals. They may attempt to:
- Target your cash and payment card data
- Gain control of your computer and local network resources
- Gain access to your District Computer Account and resources
Phishing scams typically attempt to take advantage of you by:
- Delivering file attachments that can infect your computer with harmful software
- Enticing you to click on links to websites that infect your computer with harmful software
- Tricking you into sharing your username and password so hackers can gain access to your network or other sites
You can identify a phishing scam by looking for email messages that:
- Create a sense of urgency
- Invoke strong emotions, like greed or fear
- Request sensitive data
- Contain links that do not appear to match legitimate resources for the organization that is contacting you
Always remember that legitimate companies and organizations will never ask for passwords, social security numbers, and other sensitive data via email.
Check Your Sender
Most phishing e-mails will have a sender name that doesn't match the address.
- Verify the sender address
- May identify as Apple or Google, but when you look at the senders address it will look suspicious
- Good examples are companies like PayPal and Amazon always send correspondences from "...@Amazon.com" and "@PayPal.com"
Example Phishing Attempt
***Note the sender address is NOT CapitalOne***
Reporting a Phishing Scam
Although your first instinct may be to ignore or delete suspicious emails, we recommend that you report them to our team. We will examine the email and, if necessary, advise you of any further steps you may need to take.
To report a phishing scam, forward the phishing email to: Technology Department.
University of Pittsburgh
Accessed 2 May 2019.