Phishing Emails

What are phishing emails?

Phishing emails are a type of social engineering attack that are used to obtain information about a person or organization. A malicious actor will try to take you to malicious sites that can capture your login information. They might even send you attachments that contain malware! The data obtained can be used to infiltrate an account or an organizations network.

What do they look like?

Attackers will try to mimic an organization logo or email template. This is done to encourage you to click on links or open malicious attachments.

It is common for phishing campaigns to take advantage of current events and times of the year. For example, you can see an increase during:

• Start of a new semester
• Natural disasters or epidemics
• Tax season
• Political elections
• Holidays

How can you avoid being a victim? 

1. Pay attention to links and where they are taking you. The URL may have misspellings or a different domain (e.g., .com vs .net). You can use the following websites to scan a web address to get more insight on how the link behaves and help determine if it is malicious. Right click the hyperlink and choose copy address, then paste the web address on their website and their services will scan, analyze, and report their findings.
   1. Virus Total
   2. URL scan

2. If you get a suspicious link that wants you to log in, go to the vendors website on your own instead to view any alerts and activity. Going to the official website on your own can bypass any potentially malicious content.
3. Always verify the sender is legitimate.
4. Don’t send sensitive data through email. You can refer to the Purdue Data Classification and Handling information.
5. You can report any suspicious communications to abuse@pnw.edu. If it is a personal account, you can email the third-party to report the malicious communications.