Phishing is a form of social engineering where the attacker attempts to trick people into revealing private information by sending spoofed e-mails that appear to be from reputable companies.
Phishing e-mails provide a link to a seemingly authentic website where you are asked to log in, revealing your username, password and other personal identifying information. Online scammers can then use this information to access your accounts, gather additional private information about you, and make purchases or apply for credit in your name.
General Protection Against Phishing Scams
What can I do to protect myself?
- NEVER RESPOND TO A REQUEST FOR YOUR PASSWORD sent by e-mail, even if the request appears legitimate. RVC IT staff will NEVER ask for your password.
- Do not provide identity information, including credit card numbers, when you receive an unsolicited e-mail or phone call. Do not open attachments in unexpected or suspicious e-mails or instant messages.
- Do not click anywhere on the e-mail—even in what may appear to be white space.
- Delete the e-mail or instant message.
- If the e-mail or instant message provides a link to a site where you are requested to enter personal information, it may be a phish. The real link may also be masked. Move your mouse over the link and it may show a different address than the one displayed in the e-mail.
- Be selective in what sites you provide with your RVC e-mail address.
What are IT Services doing to protect me?
The RVC has sophisticated filters that attempt to protect you from receiving malicious emails and spam emails. All computers supported by IT have antivirus and anti-malware software installed, which acts as a second line of defence. Unfortunately, the perpetrators of malicious email are aware of these defences and are constantly innovating.
Report a phish
Report a phish by emailing firstname.lastname@example.org. You can forward phishing attempts to this email.
Spear phishing targets a specific person or group of people (usually within a specific organisation). Spear phishing e-mails are tailored to match internal communications at the target organisation and may even include personal details.
A good resource to help identify and avoid falling for a phishing scam is Get Safe Online's Spam and Scam email page.
Some tips from Bank Safe Online:
- Phishing is still a threat. Always remember that banks will never contact customers by email to ask for passwords or any other sensitive information by clicking on a link and visiting a website.
- The email address that appears in the ‘from’ field of an email is not a guarantee that the email came from the person or organisation that it claims to have originated from.
- Fraudsters are unlikely to know your real name, so the email may address you in vague terms, for example ‘Dear Valued Customer’.
- Phishing emails will probably contain odd ‘spe11ings’ or ‘cApitALs’ in the ‘subject’ box and contain spelling or grammatical errors in the email – this is an attempt to get around spam filters and into your inbox.