|Student Survival Guide|
|This article is part of the
Student Survival Guide Series
What is Phishing
Information From WSU
PHISHING IS SERIOUS BUSINESS! IT THREATENS YOUR SECURITY ALONG WITH THE SECURITY OF WINONA STATE UNIVERSITY.
The most common form of phishing is emails pretending to be from a legitimate retailer, bank, organization, or government agency. The sender asks to “confirm” your personal information for some made-up reason: your account about to be closed, an order for something has been placed in your name, or your information has been lost because of a computer problem. A phishing email that you may receive regarding Winona State is one which states that the WSU IT Department wants you to confirm your username and password. Do NOT do this! THE WSU IT DEPARTMENT WOULD NEVER ASK YOU TO REVEAL PRIVATE INFORMATION IN AN EMAIL
What Should You Do
- If you receive an email that asks for your PASSWORD, CREDIT CARD, or any other private data - DO NOT respond (email, web form, etc.). Although these emails can (and usually do) look official and appear to be sent from a legitimate source, they are SCAMS. The WSU Information Technology Department would never ask you to reveal private information such as your password via email. This is also true of your Bank, PayPal, e-Bay, etc.
- The safest way to protect yourself is to NEVER share your password(s) with anyone.
- Don’t click on links within emails that ask for your personal information.
- Never enter your personal information in a pop-up screen.
- Report Phishing Emails
- If you suspect or know that private data is being used or shared inappropriately, refer to the Minnesota State system Breach Notificaiton Standardand contact your supervisor. If you have any questions or concerns you can contact TSC Phone Support at 507-457-5240.
Report Phishing Emails Please
To help the WSU IT Department identify security threats please forward any emails that ask for your password to firstname.lastname@example.org.
The safest way to protect yourself is to NEVER share your password(s) with anyone.
How to Protect Yourself from Commons Scams
- If you get an email or pop-up message that asks for personal or financial information, do not reply.
- The IT department would NEVER ask you to verify your password in an e-mail so do not verify in an email.
- WSU laptops already have Antivirus software DO NOT install another antivirus software.
- You have not won the lottery in Spain, the Netherlands, Canada or anywhere else. You didn’t buy a ticket, did you? Do not reply to these emails.
- A poor widow or bank manager does not need your help to move money from a dead person’s account to another place so do not reply.
- The IRS is not electronically auditing you so do not reply.
- The jury duty clerk never calls for your Social Security number so do not provide it.
- Banks and credit card companies do not email you to verify your account information so do NOT reply.
Types of Phishing
- Basic phishing:
- Attackers send out mass-emails to potential victims in hopes that some will respond with desired personal information
- Spear fishing:
- Attackers target sets of users or groups by sending messages tailored to these individuals
- Attackers target company executives or other high-ranking individuals through specialized company-related or personal requests
- Cat fishing:
- Attackers adopt a fictional online persona to lure potential victims into a relationship, usually for financial gain
- Attackers use phone systems and voiceover IP technologies to encourage potential victims to provide personal information
Checking links before you click to open them on a PC