Phishing

Phishing attacks steal personal information by tricking you into doing something, like clicking a link or entering your username and password. Phishing comes in many forms: emails, phone calls, website downloads. These phishing attempts may look like they are from Florida State University—often IT Services or the Service Desk—but don’t fall for the tricks! Follow these tips to help protect yourself from phishing attacks.

REMEMBER! FSU will never ask you for your FSUID username and password in an email or phone call.

Phishing Warning Signs

Username and password request
Again, FSU or any legitimate company—banks, insurance companies, social media accounts, etc.—will never ask for your username and password in an email or phone call. NEVER reply to an email or phone call with your username and password, and NEVER enter your password on a site you accessed via a link in an email.

Spelling erors and ungood grammer
Most cybercriminals did not get an “A” in English class. At FSU and other reputable companies, communications are proofed by professional copy editors and communication specialists to make sure everything is top quality before it goes to press. If you see ghastly spelling errors or cringe-worthy grammar, it’s likely a phishing message.

Suspicious links
A link. That’s usually where it all starts. Always stop and think before clicking email and website links. Keep in mind that you can make anything a hyperlink. Even though the text might say www.fsu.edu, there is no guarantee that you’ll end up on that site. Hover over or long tap a link to display the true URL.

Threats
Cybercriminals often try to bully you into taking action by threatening you will lose something if you don’t respond right away. Common threats include “your email account will be closed” or “your device is infected.” The goal of cybercriminals is to make the situation seem dire so that the victim—you—feels obligated to take action and provide personal information. In real life, ITS is really quite nice, and we will never require you to log in to keep your account.

Spoofed websites
Does something look a bit off? If you clicked a link in an email, pay attention to the page you landed on. Scam artists often spoof trusted websites, making their phony site look very similar to the real thing. Pay particular attention to the URL; if it is anything other than expected, close the page immediately.

Phishing Example

Here’s an example of what a phishing email might look like.

[Image: sample phishing email]

Tips to Avoid Phishing Scams

  • Think before clicking email and website links and never click a link that looks suspicious.
  • Before clicking, hover over or long tap a link to display the true URL and see if it is linking to a reputable website.
  • Instead of clicking, type website addresses in your browser to access sites directly.
  • Be skeptical of messages that require “immediate action” or threaten that you will lose something.
  • Do not open attachments you aren’t expecting—especially ZIP files—and NEVER run .exe files.
  • Avoid providing personal information over the phone, especially from an unsolicited call.
  • Never send credit card or other sensitive information via email.
  • Use common sense. If it looks like spam, then it probably is spam.

Reporting Phishing Attempts

If you have been targeted by a phishing attack at FSU:

Links

Check out the following resources for more info and tips on how to avoid phishing scams.

How to Spot a Phish

Phishing Emails and You

Don’t Take the Bait

Phishing (SANS Ouch! Newsletter)

Phishing IQ Test

One Click Video*

Rebate Video*

How to Spot a Phish Infographic

Phone Phishing Infographic

*Videos provided by AT&T