This article describes:
Phishing is the act of falsely claiming to be an established and legitimate individual or enterprise for the purpose of convincing someone into sharing private information that can be used to inflict damage upon them (e.g., identify theft, financial theft) or a system they have access to. Phishing attacks can occur by email, phone, or text. Private information requested in phishing attacks often include usernames, account passphrases, credit card information, social security numbers, or bank account numbers. Phishing emails may also include URLs or attachments that when accessed download malware onto the target’s system.
If you believe your account has been compromised or if you wish to report a suspicious-looking email, refer to the Self-Reporting Spam and Phishes Knowledge Base Article.
Keep the following security tips in mind:
If you receive a suspicious looking email, do not respond back. Phishers will often try to initiate a conversation to build trust with you. If you receive a phone call where they ask if you would like more details on their program or product, tell them that you will call their company or go to their website to collect this information. Never provide your personal information if you did not initiate the phone call.
Virginia Tech will never request your VT username or passphrase from you. No matter how eloquent, realistic, or grammatically correct a request may sound, if the request is for your passphrase or other personal information, it is fake. Do not respond to any email message or phone call requesting your Virginia Tech VT username and passphrase. Anyone who requests this information intends to use it in a malicious manner.
If you need to provide someone with a passphrase, you should do so securely either through a direct meeting with the person or an encrypted communication. The passphrase you provide should always be something that the recipient must change immediately. Passphrase should never be shared between multiple users.
If you receive an unexpected email with a link or an attachment, do not click it. If the email claims to be from a colleague, ask them about it. If it appears to be from another organization, then call that organization’s customer support center and ask them to verify the message.
If you receive an email claiming to be from someone that you know but its content seems out of place in comparison to their typical emails or if their message is expressing a sense of urgency around an action they want you to take, you should check the sending email address to confirm the identity of the sender. Common examples are requests asking to help them gain access to an account or make an immediate purchase. Phishers will often “spoof” or change the display name to match one of your contacts. By checking the sending email address, you can determine if the message truly came from the email address of the person being identified in the message.
All faculty and staff are required to change their passphrases annually by policy. However, you can change it more often. If at any time you feel something odd is happening with your account or if you find out you clicked a link from an unknown sender, you should immediately change your passphrase. For instructions, see Changing or Resetting My Password.
Exchange Online and Gmail both have automatic filtering enabled for automatically detected spam, junk, and phish emails. If your Junk Mail folder is disabled, then Exchange Online and Gmail will be unable to filter them, and they will remain in your main folder.
In this training, you will learn what phishing is, how it is used by malicious actors to steal information, attack the university's network, or compromise VA Tech accounts and computers of students, faculty, and staff.
This Microsoft website provides a list of strategies for protecting yourself online. It also provides information for protecting your information at home, at work, and how to identify threats, such as common support scams.
The Virginia Tech IT Security Office manages this awareness program to educate users on how to recognize security threats and protect personal data.
This site provides a short assessment to help users test their own knowledge on correctly identifying phishing attacks.