Phishing (pronounced fishing) is the act of using methods of communication (such as e-mails) for the express purpose of obtaining personal information (such as passwords or credit card numbers) or manipulating others to perform unauthorized actions (such as bank transfers or purchases).
There are many forms and styles of phishing. Most involve fraudulent or hijacked e-mail accounts posing as a reputable individual, team or company. The e-mail usually requests a simple action (please pay this vendor, please click on this link, please verify your account information, etc). Some add company logos, color schemes and official sounding titles to make them look more authentic. What makes phishing attacks successful is they prey upon human nature: to be helpful and trusting or to act out of fear or worry.
If you are unsure if this e-mail is real or not, you can do one or more of the following:
Call the individual or company to confirm. Do not use the contact information found in the e-mail (such as phone number, e-mail or website address). Instead, look it up yourself.
Investigate it yourself.
Ask ITS. You can forward the e-mail to the Help Desk (helpdesk@ccsf.edu) and we will look into it.
If you've responded to the e-mail:
IMMEDIATELY change your password and any other accounts that use the same password. (Security Tip: Do not use the same password on multiple accounts. See for more info.)
Check your rules. The bad guys like to add e-mail rules that send a copy of everything to them.
You need to look at immeditately get this very empourtent document now before its taken gone and you don't get to see. Then you account will be closed forever.
Your IT Teem Dept
Red flags:
Sender is suspicious. Who is "IT tame of SF colleg"?
Not from an @ccsf.edu account
Numerous typos, spelling mistakes, grammatical errors, poor English and not professional
Important. Please send me your username and password so I can check if your account is up to date. If you don't send it, I will have to terminate your account. I need it by the end of today.
Sincerely,
A. Smith
Red Flags:
Not from an @ccsf.edu account
Are you really the target audience?
Why would they need your username and especially your password to check your account?
What tone is the message sending? Are they trying to scare you? Rush you?
Example #4:
Example #5:
Red flags:
ÃÈ·µ¼º½ doesn't have an "EMAIL IT Department" nor even a more reasonable E-mail Team. ITS signs off messages with a person's name and contact info.