Have you ever received a “phishy” email asking you to confirm or verify your account? Phishing scams have increased significantly in the past year, says Lyndon Joyce, ITS User Support and Engagement lead.
Phishing is when people attempt to gather personal information such as usernames, passwords, bank account or credit card information through malicious email links or attachments. Usually, messages follow a standard framework that can be easy to spot. Be alert for the following features of a typical phishing email:
- Random capitalization: Official emails from the University will never use all capital letters for the University’s name.
- Urgent subject lines: Phishing emails try to create a sense of fear and urgency, while official emails from the University typically do not.
- Bad grammar, awkward phrasing or out of context sentences
- Bad links: Hover your mouse over a link to see the target destination. If you see a long, strange link that does not look familiar, it’s probably a phishing link.
ITS works hard to eliminate the impact to the University and potentially sensitive data of phishing emails. Once someone reports a suspicious email, the team springs into action within 15 minutes. Unsafe links are blocked to prevent on-campus users from accessing them. ITS contacts the web site hosts of the unsafe link to request that the link is removed. ITS then posts the subject and body to the its.unc.edu/phish-alerts website (removing the unsafe links first). You can use this site to see reported phishing messages, which can help you identify phishing attempts in the future. If the person who reported the message informs ITS that they were compromised by the message, we begin the Onyen Compromise process.
If you encounter a phishing email, be sure to forward it to firstname.lastname@example.org. If you’re not sure if an email is phish or not, visit Phish Alerts on the ITS website where you can see a list of the most recent phishing emails.