Phishing & Malware Scams
Be wary of unsolicited emails. Malware is everywhere.
Phish or Spam?
No, it's not what's for dinner!
However, it could be a question you struggle with when deciding what types of email to report to your IT department. Potentially malicious emails make it to your inbox every day, so it's important for you to understand the difference between a phishing email and a spam email.
This Email Seems Phishy
Phishing is the process of attempting to acquire sensitive information (such as usernames, passwords, and credit card details) by pretending to be a trustworthy entity. Most commonly, phishing emails will try to lure you into clicking on a link or opening an attachment.
Phishing emails can appear to come from reputable businesses or even departments and users from within your own organization. They often have a sense of urgency to them. Some may even use shock and intimidation to get what they want.
If you come to the conclusion you've been sent a phishing email, we strongly recommend that you report the email to your IT department for their review.
- Be cautious about opening attachments or clicking on links in emails. Even your friends' or family members' accounts could be hacked. Files and links can contain malware that can weaken your computer's security.
- Do your own typing. If a company or organization you know sends you a link or phone number, don't click. Use your favorite search engine to look up the website or phone number yourself. Even though a link or phone number in an email may look like the real deal, scammers can hide the true destination.
- Make the call if you're not sure. Do not respond to any emails that request personal or financial information. Phishers use pressure tactics and prey on fear. If you think a company, friend or family member really does need personal information from you, pick up the phone and call them yourself using the number on their website or in your address book, not the one in the email.
- Turn on two-factor authentication. For accounts that support it, two-factor authentication requires both your password and an additional piece of information to log in to your account. The second piece could be a code sent to your phone, or a random number generated by an app or a token. This protects your account even if your password is compromised. As an extra precaution, you may want to set up more than one type of second authentication method (e.g. a PIN) in case your primary method (such as a phone) is unavailable.
- Back up your files to an external hard drive or cloud storage. Back up your files regularly to protect yourself against viruses or a ransomware attack.
- Keep your security up to date. Use security software you trust, and make sure you set it to update automatically.
Spam is unsolicited, unwanted email typically sent for marketing purposes. It is often trying to sell you something, such as unwanted goods or services, but it is not asking you to take a specific action. Although spam can be annoying, it is common to receive it in your business email. These types of emails do not typically need to be reported, unless you believe they pose a threat to your organization. In most cases, spam email can simply be deleted or ignored.
Note: Always follow your organization's policy regarding what type of email to report in case it differs from the above.
Report phishing emails and texts.
- Forward phishing emails to spam at uce dot gov, and to the organization impersonated in the email. Your report is most effective when you include the full email header, but most email programs hide this information. To ensure the header is included, search for the name of your email service together with "full email header" in your favorite search engine.
- File a report with the Federal Trade Commission at FTC.gov/complaint.
- Visit Identitytheft.gov. Victims of phishing could become victims of identity theft; there are steps you can take to minimize your risk.
- You can also report phishing email to reportphishing at apwg dot org. The Anti-Phishing Working Group – which includes ISPs, security vendors, financial institutions and law enforcement agencies – uses these reports to fight phishing.
This article and any information contained herein is intended for informational purposes only. The publisher will not be responsible for errors or omissions or any damages, howsoever caused, that result from its use.
Sources: KnowBe4, Federal Trade Commission