What is Phishing?
Phishing is a tactic used by nefarious individuals to trick or coax people into divulging their personal information including, but not limited to, user account credentials, bank account info, phone numbers and additional email addresses, and confidential university information.
The ultimate goal is: Money
Your information can be sold, our internal data systems hijacked for ransom, your personal bank accounts emptied, or you can be frightened into doing things you'd typically never do by highly trained individuals in countries where our laws and protections are ineffective.
Report ALL suspicious emails to WITS by forwarding them to firstname.lastname@example.org
We can often determine the threat and level of exposure, and take action to prevent you or others from falling into a trap.
How to recognize a phishing scam
Phishing scams are constantly evolving, but one thing is always true: They try to earn your trust in a convincing manner and then get something from you. A few examples:
- The Boss Scam
  - Someone spoofs the email address of your supervisor, instructor or high-level employee
  - They ask for your help and, if you respond...
  - They want you to text them, and then they ask you to purchase and send gift cards or other items of value
- The "You have a Virus" Scam
  - A seemingly legitimate company says your computer is infected and needs to be repaired
  - They convince you to give them remote access to your computer...then...
  - They scrape your browsers for stored login info, access your bank account, empty it...then...
  - They encrypt your hard drive and demand a ransom to unlock your now unusable computer
  - They may even gain access to other systems on the network, putting the entire institution at risk
- The "Unexpected Opportunity" Scam
  - An email says you have an undeliverable package, an attractive work-from-home offer, or other unexpected opportunity
  - You send your financial info to pay a small delivery fee, or your bank account info to receive payment
  - And...your account has been emptied, or your card maxed out
- The "Account Locked / Reset Password" Scam
  - An official-looking email claims you need to verify your password or lose access
  - Or your account has been disabled and you need to 'unlock' it
  - And...you just gave away your username and password
What are we doing to prevent phishing and extortion via email?
Willamette University uses both proactive and reactive means of training community members to recognize and report suspicious email.
- Proactive Measures
  - Mandatory cybersecurity training modules for all employees, contractors, and adjuncts
  - Submission of suspicious emails by the community to WITS for analysis
  - Third-party "phishing training" emails that include numerous suspicious attributes
    - When someone falls for the trigger, they receive information about the risk of such messages
- Reactive Measures
  - Analysis of threat level and community exposure
  - Announcements when widespread phishing attempts target the university
  - Isolation and analysis of devices on which users may have fallen for a phishing attempt
Want to learn more?
For additional information on phishing and online scams, and what to do if you've been a victim, visit the Federal Trade Commission's detailed website.