To review the most recent phishing attempts: ITS PHISH TANK. For tips on phishing avoidance, click here.
The University (and other reputable institutions) will not ask for personal or password information in unsolicited e-mail messages, so you should NEVER respond to them nor click on any links in the message, no matter how real they appear to be. Report any suspicious phishing emails to email@example.com and CC firstname.lastname@example.org.
You can hover your cursor over a link (don't click!) to reveal the actual false link. In a phishing scam this often will be a URL which you won't recognize and different from what is visible. If the message contains broken English and grammatical errors that is also a telltale sign of phishing.
Knowing what to look for will help you identify a phishing scam; however, if you have any doubt at all about the validity of the message, call a contact number for the organization obtained from verifiable paper correspondence or from the telephone book. Is it phishing or legitimate? Take the SonicWALL Phishing IQ test.
Though phishing messages can vary in design or style, many contain similar elements used by attackers that can be identified to help protect users from falling victim. Below are some common tricks used by attackers to phish their targets:
Be advised that there is a phishing scam circulating on campus offering employment
as a personal assistant to professors. The offers award the “potential employees” with
checks, but the checks are fraudulent.
Visions Federal Credit Union has seen a number of these fraudulent checks recently,
and has stopped them.
Although the employment offers are sent primarily via email, the solicitor has, at times, continued the conversation through text messages. Be mindful and stay alert. If you have any doubts about the validity of a check you receive or any questions, bring your inquiries to the Visions branch office in the University Union for assistance.
HOW can you tell the email is a fraud?
1. The sender's actual email does not match their displayed name:
The sender attempts to make his email address look like a "binghamton.edu" address, but by looking to the right of the displayed name (or by hovering your mouse over the sender's name), we can see the actual address is email@example.com. Posing as a trusted sender by changing their displayed name is a common tactic used by phishing attackers.
2. Link in message goes to suspicious site:
Check to make sure links in messages are going to the sites they are claiming. If a message claims to be from a Binghamton University sender, links for services should be to binghamton.edu web pages.
3. Message asks for personal information to be sent back:
Reputable organizations will NEVER ask for personal information, especially financial information or passwords, to be sent via email. Binghamton University ITS especially will not demand password this type of information be sent in order to confirm an account or prevent account suspension. Be wary of any message making these types of requests.
4. Message contains aspects of urgency to respond:
A common technique used by attackers is to create a feeling of urgency to respond in order to make the targets feel compelled to act quickly, and without properly evaluating the legitimacy of the request. Messages that contain demands of response or action in a short time frame, and threaten action on their part if not met, should be especially met with suspicion.