What is phishing?
Phishing is a calculated scam that uses legitimate looking email messages containing malicious attachments or links to fraudulent websites encouraging recipients to give up their personal data or information such as passwords, credit card numbers, social security numbers, etc. The goal of phishing can be to acquire sensitive information about you, or to gain control of your computer and local network resources.
The attackers typically send an email to a very large group of individuals whose addresses have been captured from compromised address books and websites from across the web. These deceptive messages can be well-crafted and official in appearance, claiming to be from a reputable organization, but are not.
View recent phishing incidents
Report a phish
Common characteristics of a Phishing email:
- Asking for personal information
- Creates a sense of urgency or has an impending deadline
- Use of poor spelling and grammar
- A forged sender's address
- A generic greeting
- Fake web links
- Mismatched URL's
What you can do about phishing:
- Do not respond to any emails or phone calls from any organization asking you to provide personal information. Delete or report the message immediately.
- Before you click on any link, hover your cursor over the link to see where the link really goes. When you put your cursor over a link without clicking, your web browser will display the actual address.
- Do not click any links in suspicious messages. Instead, navigate to the relevant system or website directly via your web browser.
- Do not enter personal information into any pop-up windows.
- If you receive an email from a colleague that seems odd or out of context, contact that person directly if possible. Do not reach out via email, their account could be compromised.
- Keep your computer software up-to-date with the latest security updates.
The following should never be shared through email:
- Social Security numbers
- Credit Card numbers
- Bank Account numbers
- Health Record Information
Reputable organizations do not normally contact their customers asking for personal information through email.
Gettysburg College students can use the “Report phishing” feature within O365 Outlook located under Junk. Students are also encouraged to forward the phishing email as an attachment to firstname.lastname@example.org or email@example.com.
If you got caught by phishing:
If you gave away any personal information in response to a phishing email or a suspicious webpage, your account may be compromised. Immediately change your password. Do not use the same password that is being used by other accounts.
- View our phishing brochure: Phishing Education PDF
- Google Phishing Quiz (Google). A free quiz to help you learn how to spot phishing: https://phishingquiz.withgoogle.com/
- Site Safety Center (TrendMicro). Test to see if a website is safe by entering the URL on this page: https://global.sitesafety.trendmicro.com/
- Fight Phishing (Phish Tank). Provides a list of websites that have been reported as phishing sites. Includes the ability to add phishing site to their list. https://www.phishtank.com/index.php
- Documentation links from Federal Trade Commission (FTC):