October 15, 2020

Tips to avoid phishing scams

The Office of Information Technology (OIT) is providing information to help you avoid becoming a victim of phishing, as part of National Cybersecurity Awareness Month.

A “phish” is a fraudulent text or email meant to entice unsuspecting victims into clicking a link, opening an attachment, or disclosing sensitive information for malicious intent. Phishing is a form of cybercrime that continues to be a real security threat to the campus community. In fact, educational institutions are among the top three organizations that cybercriminals target.

Before clicking on a link, opening an attachment or reacting to any email request – even from a familiar source – consider:

  • Do you know the sender?
  • Did you expect the email?
  • Is the email consistent with something you might expect from the sender?
  • Does the email seem suspicious?

Here are a few tips.

Verify senders. Although it may have a familiar name associated with it (in the email address on the From line), look at the address itself. If the email is unexpected or seems fishy, it is likely a scam. Call the sender to verify that they sent it.

Don’t be lulled by logos. If a logo is on the internet, anyone can copy it and use it. Although logos can be reassuring, do not trust an email because it has a recognizable logo.

Scrutinize the content. Be wary of typos, poor grammar, or odd phrasing and sentence structure. Phishing emails are notorious for typos and poor grammar.

Question links and attachments. Unless a link or attachment is expected, avoid clicking on or opening them. To screen links and attachments, hover the mouse above a link and look at the URL that appears in the bottom left corner of the screen.

The OIT has additional tools to help you spot and avoid scams on the Information Security website. When in doubt about an email, click the Report Suspicious Phish button in the top right corner of Outlook.

Users can also contact SalukiTech at 618-453-5155 or salukitech@siu.edu if they receive a suspicious email. SalukiTech will assist the user in vetting the content.