Phishing occurs when criminals try to get us to open harmful links, emails or attachments that could request our personal information or infect our devices. Phishing messages or “bait” usually come in the form of an email, text, direct message on social media or phone call. These messages are often designed to look like they come from a trusted person or organization, to get us to respond.
The good news is we can avoid the phish hook and keep our accounts secure with these tips!
Stay Safe with Three Simple Tips
1. Recognize
Look for these common signs:
- Urgent or emotionally appealing language, especially messages that claim dire consequences for not responding immediately
- Requests to send personal and financial information
- Untrusted shortened URLs
- Incorrect email addresses or links, like amazan.com
A common sign used to be poor grammar or misspellings although in the era of artificial intelligence (AI) some emails will now have perfect grammar and spelling, so look out for the other signs.
2. Resist
If you suspect phishing, resist the temptation to click on links or attachments that seem too good to be true and may be trying to access your personal information. Instead, report the phish to protect yourself and others. Typically, you’ll find options to report near the person’s email address or username. You can also report via the “report spam” button in the toolbar or settings.
3. Delete
Delete the message. Don’t reply or click on any attachment or link, including any “unsubscribe” link. Just delete.
If a message looks suspicious, it's probably phishing.
However, if you think it could be real, don't click on any link or call any number in the message. Look up another way to contact the company or person directly:
- Visit a verified website for the company and use this contact information. To find verified websites, search for the site in your web browser or type the address yourself if you’re sure you know it.
- Use another way to reach the person to confirm whether they contacted you. For example, if you get a strange message from your friend on Facebook, and you have their phone number, text or call them to ask if they sent the message.
GW faculty, students, and staff can forward suspected phishing emails to abuse[@]gwu.edu. This account is monitored by the GW IT Security team. They investigate phishing reports to ensure that others at GW do not have the phishing message in their inbox.
Additional Tips available on the Secure-Our-World-Phishing-Tip-Sheet as well as in the following video published by CISA.
Recognize and Report Phishing (Audio Description)
Posting content obtained from https://www.cisa.gov/secure-our-world/recognize-and-report-phishing