What is phishing?

banner for security correspondence

In a phishing scheme, a bad actor poses to be a credible person in an attempt to steal your login credentials. Once your login credentials are obtained, that person can access various systems, including the Application Portal, which is a one-stop shop with access to G Suite/email, Canvas and more. Phishing is also an entry point for malware, including viruses and ransomware.

The tell-tale signs of a phishing email:

  • Does the email contain a vague salutation, spelling or grammatical errors, an urgent request, and/or an offer that seems impossibly good? Report the phish via GMail’s built-in feature, then click the delete button. How to Reporting Phishing in Gmail.
  • Check the sender’s e-mail address to make sure it’s legitimate. Does it appear that the Support Desk is asking you to click on a link but it comes from “support@yahoo.com?” What if it’s “support@muhlenberg.edu” but it says it’s “via” another address? If it lists anything anywhere that says something other than “muhlenberg.edu?” Report it, then delete it.
  • OIT will never ask you for your password through email. Any request for one should be treated as suspicious and reported as phishing. Your password is the key to your identity, your data, and your classmates’ and colleagues’ data. 
  • Avoid opening links and attachments from unknown senders. Get into the habit of typing known URLs into your browser. Don’t open attachments unless you’re expecting a file from someone. Give them a call if you’re suspicious.
  • Take extra care with mobile devices, as some of these signs are not as easily seen