Phishing Awareness

What is phishing?

 

The National Institute of Standards and Technology (NIST), part of the U.S. Department of Commerce, defines ‘phishing’ as:

 

A digital form of social engineering that uses authentic-looking—but bogus—e-mails to request information from users or direct them to a fake Web site that requests information.

 

Another way of defining 'phishing' is:

  • Online scammers pretending to be someone/something familiar and trying to get you to cooperate so they can steal your identity/money

 

Why is Phishing such a Big Concern?

  • Phishing is a huge threat to the world. Billions of dollars have been stolen and millions of people have fallen victim to identity theft in the past five (5) years due to phishing. This poses a threat to all Florida Polytechnic University students, staff and faculty, and it should be treated seriously.

 


Three R’s, Three Phases, and Phishing Precautions

 

What are we supposed to do? Just remember The Three R’s.

 

To help increase awareness of phishing, we first have to understand how it plays out. These are The Three Phases of the Phishing Life Cycle we should look out for.

 

Phase 1: Bait

A person gets an email or text that looks legitimate and puts them in an urgent (or even low-profile) scenario. Below are some things the message prompts the person to do, and which they should not do:

  • Do not click a link

  • Do not download and open an attachment

  • Do not scan a QR code

  • Do not take a specific action (e.g. buy gift cards, send money, update information, etc.)

 

Now that we understand how phishing works and which actions are best to take, let us look at some examples users could encounter and more specific precautions to keep in mind.

 


Don’t Fall for the Bait! (How to Spot Phishing)

 

A) Always be aware of every email

- Be sure of every email you receive before you interact with it or act on it

B) Identify Fraudulent Elements

- All email communications that Florida Polytechnic University faculty & staff have with students will only be exchanged between their @floridapoly.edu addresses. Students are advised to avoid sending emails to faculty & staff from their personal emails (e.g. Gmail, Yahoo, AOL, etc.)

- Instructors are not allowed to email students about:

→ Financial Matters (sending/receiving money, loans, scholarships)

→ Personal Information (phone numbers, mailing addresses, Social Security Numbers, etc.)

C) Reach out to Assumed Sender with Verified Contact Method

- Confirm with the assumed sender face-to-face, through a phone call, online messaging, or a mutual acquaintance
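The sender rules in part B can also be checked mechanically. The Python below is an added example, not part of the original page or a Florida Poly tool; the phrase list, the finding labels, and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

UNIVERSITY_DOMAIN = "floridapoly.edu"  # the only domain the page allows
# Assumed phrases for the topics the page says instructors never email about.
RESTRICTED_TOPICS = ("gift card", "send money", "loan", "scholarship",
                     "social security", "phone number", "mailing address")

def check_message(raw):
    """Return the fraudulent elements found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    if domain != UNIVERSITY_DOMAIN:  # exact match only, no suffix or substring
        findings.append("sender-not-university-address")
        claims = (display + " " + domain).lower()
        if "florida poly" in claims or "floridapoly" in claims:
            findings.append("impersonates-university")
    body = msg.get_payload()
    text = (msg.get("Subject", "") + " "
            + (body if isinstance(body, str) else "")).lower()
    findings += ["restricted-topic:" + t for t in RESTRICTED_TOPICS if t in text]
    return findings

# Constructed sample messages (not real emails).
SAMPLE_GENUINE = """From: "Prof. Example" <instructor@floridapoly.edu>
Subject: Lab report due Friday

Please upload your lab report to the course site by Friday.
"""
SAMPLE_LOOKALIKE = """From: "Florida Poly Financial Aid" <aid@floridapoly.edu.example.com>
Subject: Scholarship approved

Reply with your Social Security Number to receive your scholarship.
"""
SAMPLE_PERSONAL = """From: "Your Instructor" <instructor@example.net>
Subject: Quick favor

Are you on campus? I need you to buy a gift card for me today.
"""

if __name__ == "__main__":
    for name in ("SAMPLE_GENUINE", "SAMPLE_LOOKALIKE", "SAMPLE_PERSONAL"):
        print(name, check_message(globals()[name]))
```

A From address that passes this check can still be forged, so confirming with the assumed sender (part C) remains necessary.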

 

To assist with spotting phishing emails, the graphic below can help identify some common fraudulent elements.

 

Phishing Example.PNG

 

And here are some real-life examples of phishing emails that have impacted students at Florida Poly!

 


Show Us Where the Hook is! (How to Correctly Report Phishing)

 

A) Use Email Function

- Gmail (Report Phishing button: found in the top-right corner of the email when open)

- Other Email Providers

→ Some providers may not have a simple action to Report Phishing. Here are additional links for some other email services

 

B) Screenshot Email

- Do not forward or share the email. A screenshot must be used.

C) Email Florida Poly’s IT Help Desk (helpdesk@floridapoly.edu) with the attached screenshot

- If the phishing email has any affiliation with Florida Polytechnic University, proceed with this step

- Contact and notify others that you suspect could have received the phishing email as well

 


Think You Got Caught? Here are your Next Steps.

 

A) Check Online Financial Accounts/Credit Bureaus for Unknown Activity

- Check personal banking accounts first for any mysterious transactions/deposits

- Create/Log in to accounts with the following three Credit Bureaus to look for any suspicious findings in your credit report (e.g. loans, credit cards you do not recognize):

- If anything does not look right to you, contact the financial organization concerned to possibly report identity theft

B) Change Usernames and Passwords

- Whether or not unexplained activity is detected, it is still best practice to update usernames and passwords for most or all online accounts (especially email, organizational, and financial)

C) Scan Device/Network for Malware and notify the IT Help Desk

- Use the following links to learn how to scan your own device without additional software:

- While it may not be necessary in every case, scanning a network requires additional steps and software to be installed, which is explained in the following link:

Last Resort

If evidence shows your information has been compromised, continue by reporting to all of the right authorities, starting with these recommended actions:

- If you suspect identity theft as a result of phishing, you can file an IC3 Complaint (Federal Bureau of Investigation)

- If you detect malware on your device, you can file a CISA Report (Cybersecurity & Infrastructure Security Agency)