How to recognise a phishing attack

What is Phishing?

Phishing is a form of online fraud. In a typical phishing incident, you may receive an email or pop-up message that claims to be from IS Services or another business or organisation that you may have previously dealt with for example eBay or Bank of Ireland. The message may ask you to ‘update,’ ‘validate,’ or ‘confirm’ your account information.

College staff and students should treat any email that asks for your username and password details with extreme caution. The consequences of falling victim to a phishing attempt are not limited to your own account, but could affect the College community as a whole. One compromised account could potentially endanger vast amounts of sensitive data. Or, one compromised account distributing large amounts of spam could result in College losing email as a service entirely for a period of time.

How can I recognise a phishing email?

Always trust your instincts, if an email offers something that looks too good to be true, it possibly is.  Similarly don’t be tempted to respond hastily to an email which threatens to disable your account. Check the IS Services website or give the helpdesk a call if you are unsure whether an email is genuine or not.

Phishing emails often have the following types of characteristics:

  • They may use language like ‘important notice’, ‘urgent update’ or ‘alert’ or ‘violation’ with a deceptive subject line to persuade you that the email has come from a trusted source.
  • They may contain messages that use threatening language, stating that your account will be disabled if you do not act.
  • They may appear to come from someone in College but you should be aware that email addresses can be forged easily.
  • They  may copy content such as  logos and images used on legitimate websites to make the email look genuine.
  • They may contain hyperlinks that will redirect you to a fraudulent website instead of the genuine links that are displayed.  If you see a link in a suspicious email message, don’t click on it. Rest your mouse (but don’t click) on the link to see if the address matches the link typed in the message.

Have a look at the example of a recent phishing message sent to College users below:

 

What should I do when I receive a phishing email to my College email account?

Staff members who suspect that they have received a phishing email, and have not clicked on any links in it or acted on it in any way should report it to our anti-spam service by forwarding it to abuse@frontbridge.com. Emails sent to this address will be considered for addition to the list of known sources of SPAM, and so will no longer arrive into College. When forwarding an email to this address please ensure to include the email headers.

What do I do if I think I have responded to a phishing email in College?

If you have replied to a phishing message or clicked on any links within the email body and entered your College username and password please immediately change your password and report this to the Helpdesk (+353 01 896 2000).

Finally remember ..

IS Services will never ever ask for your username and password via email and you can confirm any communications from us with our website isservices.tcd.ie or the Helpdesk.

 

IS Services

Comments are closed.