Phishing is the term for a type of attack whereby a malicious actor attempts to trick a person into revealing sensitive information about themselves or their organization.

Phishing is the term for a type of attack whereby a malicious actor attempts to trick a person into revealing sensitive information about themselves or their organization. The most common method of contact is via email, but phishing attempts can come from telephone calls as well as text messages. Potential consequences of this attack are a loss of control of personal accounts, compromised banking information, data loss, or even damage to your devices.

How do I identify phishing attempts?

Phishing attempts come in many different forms, but most often will contain one or more of the following elements:

• Urgent call to action or threats – Often times this will come in the form of a threat of criminal prosecution or a financial penalty if the action the sender wants is not taken immediately.
• First time senders – While it is not unusual to receive emails from new individuals, one should take an extra moment to scrutinize any communication from an unknown sender.
• Spelling and grammar mistakes – Emails from professional organizations are often scrutinized before being published, so a high number of spelling and grammar mistakes are often a sign of being an awkward translation, or an intentional effort to evade spam filters. Unfortunately, with the increased usage of AI in attacks, this may not be as good an indicator as it once was.
• Generic greetings – organizations that work with you most often will personalize their communications to you, rather than relying on generic greetings such as “Dear sir or madam”.
• Mismatched email domain – Be mindful of the email address from any new email you receive. For example, if you receive an email claiming to be from your bank, but you see that the email address it was sent from ends with ‘@gmail.com’, you can be reasonably confident that the email is not from your bank.
• Suspicious Links and attachments- never open links or attachments from any email that you have suspicions about, or do not know where they are coming from.

What do I do if I receive a suspected phishing email?

If you receive an email that you have concerns about on your Washburn University email, there are simple steps you can take to both protect yourself as well as assist the ITS Team in improving our security.

If you are on the Desktop version of outlook, simply click the “Phish Alert Report” button on the upper right hand of the screen.

If you are on Outlook Web Access (Outlook on your internet browser), look for the three dots (ellipsis) on the open email, right next to the reply and forward arrows, and click onto the drop-down menu to find the Phish Alert V2 option.

If you are on the Outlook Mobile App for iOS, this one can be slightly confusing, look for the ellipsis not at the top right of the screen, but on the top right of the open email just below the date. Tap on it and a menu with the Phish Alert will appear.

If you are on the Outlook Mobile App for Android, this one can be slightly confusing, look for the ellipsis not at the top right of the screen, but on the top right of the open email just below the date. Tap on it and a menu with the Phish Alert will appear.

For more information, please refer to this training document.

Stay vigilant! 

--WU ITS Information Security   

www.washburn.edu/cybersecurity