Phishing FAQ
About the Phishing FAQ
Phishing messages try to trick you into revealing personal data. Here are frequently asked questions about phishing.
What is phishing?
Internet fraudsters send spam or pop-up messages to get personal information from unsuspecting victims. This includes:
- credit card numbers
- bank account information
- Social Security number
- passwords, or other sensitive information
The email message may claim to be from a business or organization that you trust — for example, it may say it is from Marquette, your Internet service provider, bank, online payment service, or a government agency. It may ask you to “update” or “confirm” your account information, or it may threaten a serious consequence if you don’t reply.
The message links to a web site that looks just like a legitimate organization’s site. But it is a fake site to trick you into sharing your personal information so the sender can steal your identity and make payments or commit crimes in your name. Some phishing emails contain software that can harm your computer or track your activities on the Internet without you knowing.
What are the signs of a phishing scam?
The message appears to be coming from Marquette University or another institution that asks you to take action of some sort (e.g., update account information). It is the type of information that’s being requested that should serve as a warning to you.
Do not respond to the following:
- Urgent requests for personal financial information
- Alarming statements that tell you to act immediately
- Requests for "restricted" information including:
- Usernames and passwords. Marquette IT Services will never ask you for your username or password, or other restricted data, through email, phone, text or other means.
- Account numbers
- Social Security Number
- Health Information
- Messages that are not personalized. Banks and other legitimate senders usually refer to you by your name.
- Messages with an unusual From address or an unusual Reply-To address.
What do I do if I receive a suspicious email?
- If you are accessing your email via the Outlook desktop application on a computer running Windows, with a message opened, click Report Message from the ribbon and choose Phishing. A prompt will appear asking if you would like to report this message. Click Report.
- If you are accessing your email via the Outlook desktop application on a computer running MacOS, with a message opened, click Report from the ribbon and choose Report Phishing. Report Phishing will bring up a prompt to either Don't Report or Report. Click Report.
- If you are accessing your email via https://outlook.office.com in a web browser, with a message opened, click Report from the ribbon. A prompt will appear notifying you of what constitutes a phishing email. Click OK.
- Forward phishing emails with their complete and full headers to: spam@uce.gov and reportphishing@apwg.org.
How can I avoid getting caught by a phishing scam?
- Don’t reply to an email that asks for personal information. Never give out your username, password, credit card or social security number in response to an unsolicited request. Be wary of unsolicited messages.
- Don't click the link in the message.
Instead, phone the company or do an Internet search for the company’s true web address. Phishers can make links look like they go to one place, while they send you to a different site.
- Be cautious opening email or attachments from unknown sources. Any attachment, regardless of who sent it, may contain a virus or files that can weaken your computer security.
- Use spam filtering to reduce the amount of unwanted email in your inbox, as well as help protect you from malicious attacks. Adjust your spam filters to activate spam filtering.
- Use anti-virus and anti-spyware software, as well as a firewall, and update them all regularly. Make sure your browser is up to date. Learn more about Safe Computing at Marquette.
What are some examples of phishing?
“We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity.”
“During our regular verification of accounts, we couldn’t verify your information. Please click here to update and verify your information.”
(Copied from https://www.ftc.gov/)
What if I already provided my personal information?
If you have provided your username and or password, contact the IT Services TechSquad immediately. If you gave out financial information, contact the institution or organization that the account is associated with and they can help you to make your account secure again.
Where can I go for more information?
http://www.sec.gov/investor/pubs/phishing.htm
http://www.ftc.gov/bcp/edu/microsites/idtheft/
https://support.microsoft.com/en-us/office/phishing-and-suspicious-behaviour-0d882ea5-eedc-4bed-aebc-079ffa1105a3
http://www.ftc.gov/bcp/menus/consumer/data/idt.shtm