How to Avoid and Report Phishing Scams
Applies to: Students, Faculty, Staff
Revised: 2022-10-24
Status: Approved
Answers the questions:
- How do I avoid phishing scams?
- What do I do if I fall for a phishing scam?
- What is a phishing scam?
What is a Phishing Scam?
Phishing is a type of online scam where criminals send an email that appears to be from a legitimate company or institution asking you to provide sensitive information. This is usually done by including a link or attachment that may appear to take you to the company’s website to fill in your information – but the website is a clever fake and the information you provide goes straight to those behind the scam.
The term ’phishing’ is a spin on the word fishing, because criminals are dangling a fake ’lure’ (the email that looks legitimate, as well as the website that looks legitimate) hoping users will ’bite’ by providing the information the criminals have requested – such as credit card numbers, account numbers, passwords, usernames, and more.
What is Spear Phishing?
A Spear Phishing scam is the fraudulent practice of sending emails ostensibly from a known or trusted sender (such as your supervisor, coach, or friend) in order to induce a targeted individual to reveal confidential information. The scammer is looking to obtain credit card information, bank routing numbers, or usernames and passwords.
How to Identify and Avoid Phishing Scams (Key Characteristics):
A phishing email or spear phishing email may have some of the following characteristics:
-
The email is sent from an email address that is not an @Asbury.Edu email address. This may not be obvious at first, but if you hover over the name you can see the exact email address.
- You may also receive phishing emails to a personal (non-Asbury) email, and you should always check the sender's email address to see if it is legitimate and be cautious of clicking unknown links or opening attached files.
- Other indicators include spelling mistakes and unusual formatting or lack of a signature (if your supervisor/manager normally uses a signature).
- Many phishing or spear phishing attempts play on a sense of urgency, asking you to complete a task or share information immediately.
For more information on recognizing and avoiding phishing scams, see this video created by Dell. In the video, they walk through examples of what fake websites and email addresses may look like so you can better recognize and respond to phishing emails.
If you did provide personal information to the scammer, you may report the incident to authorities using the tools provided on the State Attorney General's Identify Theft page.
Identity Theft - Kentucky Attorney General