Phishing is when criminals send specially crafted email messages in order to get users to give up their usernames and passwords, or other personal information. Their goal is to obtain access to user accounts, often to send spam from compromised email accounts, but also to acquire access to bank accounts or information useful for identity theft. Please access the ISO phishing website for guidance on how to recognize a phishing message, what to do if you if you’ve received a suspicious message or if you’ve fallen victim to one. At minimum:
- Don’t click on links sent to you by individuals you’re not familiar with.
- Don’t open any attachments that you’re not expecting; confirm with the sender to be sure that attachments or links are legitimate.
- Never divulge your password to anyone, and pay close attention to the web address of any website requesting you to log in.
- Don’t use the same password for all of your online accounts (e.g. facebook, Twitter, Linkedin, Apple, Amazon, bank, U. T., etc.) in particular those providing access to funds or confidential information.
- Be aware of the typical email communications of the services you use; any non-typical behavior is a warning sign.