Phishing Awareness

What is phishing?

 

The National Institute of Standards and Technology (NIST), part of the U.S. Department of Commerce, defines ‘phishing’ as:

 

A digital form of social engineering that uses authentic-looking—but bogus—e-mails to request information from users or direct them to a fake Web site that requests information.

 

Another way of defining 'phishing' is:

  • Online scammers pretending to be someone/something familiar and trying to get you to cooperate so they can steal your identity/money

 

Why is Phishing such a Big Concern?

  • Phishing is a huge threat to the world. Billions of dollars have been stolen and millions of people have fallen victim to identity theft in the past five (5) years due to phishing. This poses a threat to all Florida Polytechnic University students, staff and faculty, and it should be treated seriously.

 


Three R’s, Three Phases, and Phishing Precautions

 

What are we supposed to do? Just remember the Three R’s: Recognize, Report, and Recover.

 

 

Phase 1: Bait

A person receives an email or text that looks legitimate and places them in an urgent (or even low-profile) scenario. The message prompts them to do one of the following, none of which they should do:

  • Do not click a link

  • Do not download and open an attachment

  • Do not scan a QR code

  • Do not take a specific action (e.g., buy gift cards, send money, update information)

Phase 2: Hook

If any of the above Phase 1 actions occur and a person follows through with the phishing email (potentially deploying undetected malware, spyware, or ransomware), they are then redirected to a website that prompts them to type in their personal information (e.g., name, address, credit card, Social Security number).

Phase 3: Catch

If the person submits their information in Phase 2, the scammer behind the email uses the information to:

  • Create or access online accounts (financial, organizational, personal email)

  • Lock the person out of their accounts by changing login credentials

  • Make purchases or transfer money using the person’s own funds

 

Now that we understand how phishing works and what the best actions to take are, let us look at some examples users could encounter and more specific precautions to keep in mind.

 


Don’t Fall for the Bait! (How to Spot Phishing)

 

1. RECOGNIZE

 

A) Always be aware of every email

  • Be sure of every email you receive before you interact with it or act on it

B) Identify Fraudulent Elements

  • All email communications that Florida Polytechnic University faculty & staff have with students will only be exchanged between their @floridapoly.edu addresses. Students are advised to avoid sending emails to faculty & staff from their personal email accounts (e.g., Gmail, Yahoo, AOL)

  • Instructors are not allowed to email students about:

    • Financial matters (sending/receiving money, loans, scholarships)

    • Personal information (phone numbers, mailing addresses, Social Security numbers, etc.)

C) Reach out to Assumed Sender with Verified Contact Method

  • Confirm with the assumed sender face-to-face, through a phone call, by online messaging, or via a mutual acquaintance

 

To assist with spotting phishing emails, the graphics below can help identify some common Fraudulent Elements.

[Image: Phishing Example.PNG]

[Image: Phishing Example 2.png]

 


Show Us Where the Hook is! (How to Report Phishing)

 

2. REPORT

 

A) Screenshot Email

  • Do not forward or share the email. A screenshot must be used.

B) Use Email Function

  • Gmail (Report Phishing button: found in the top right corner of email when open)

[Image: Gmail Report Phishing Button.png]

C) Email Florida Poly’s IT Help Desk (helpdesk@floridapoly.edu) with the attached screenshot

  • If the phishing email has any affiliation with Florida Polytechnic University, proceed with this step

  • Contact and notify others that you suspect could have received the phishing email as well

 


Think You Got Caught? Here are your Next Steps.

 

3. RECOVER

 

A) Check Online Financial Accounts/Credit Bureaus for Unknown Activity

  • Check personal banking accounts first for any mysterious transactions/deposits

  • Create/Log in to accounts with the three following Credit Bureaus to look for any suspicious findings in your credit report (i.e. loans, credit cards you do not recognize):

  • If anything does not look right to you, contact the financial organization concerned to report possible identity theft

B) Change Usernames and Passwords

  • Whether or not unexplained activity is detected, it is still best practice to update usernames and passwords for most or all online accounts (especially email, organizational, and financial)

C) Scan Device/Network for Malware and notify the IT Help Desk

  • While it may not be necessary in every case, scanning a network requires additional steps and software to be installed, which are explained at the following link:

How to Perform a Network Virus Scan

Last Resort

If evidence shows your information has been compromised, continue to report to all of the right authorities, starting with these recommended actions:

(Federal Bureau of Investigation)

(Cybersecurity & Infrastructure Security Agency)

 


 

Questions?

If you have any questions or need additional assistance, please reach out to the IT Help Desk.

Phone

+1 (863) 874 - 8888

Email

helpdesk@floridapoly.edu

Help Desk Availability

Spring/Fall

Mon → Thur:

8 AM - 8 PM (EST)

Fri:

8 AM - 5 PM (EST)

Summer

Mon → Fri:

8 AM - 5 PM (EST)